Trojan wyczyscil mi komputer. jak przywrocic system?

[sondhope]

Witam.
Mam Windows 7. Komputer dzialal swietnie do wczoraj. AVG wylapal jakiegos trojana. Zeskanowalam komputer i dostalam wiadomosc ze problem zostal naprawiony i usuniety. Dzisiaj wlaczylam komputer i po okolo godzinie caly byl 'czysty'. Nie ma nic. Na pulpicie jest tylko ikonka "kosza". W menu start tylko gry ktore byly na koputerze od poczatku (karty, pasjanse). Nie mam zadnychy programow, dokumentow, zdjec. Chcialabym przywrocic system z poczatku albo jakims cudem odzyskac programy. Obojetnie co sie uda, mam kopie wszystkich dokumentow i zdjec na dysku podrecznym. Bardzo prosze o pomoc.

Log OTL:

Kod: Zaznacz wszystko

OTL logfile created on: 12/31/2011 10:49:08 AM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\KATARZYNA\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 58.82% Memory free
7.49 Gb Paging File | 5.66 Gb Available in Paging File | 75.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.87 Gb Total Space | 537.11 Gb Free Space | 91.83% Space Free | Partition Type: NTFS

Computer Name: KATARZYNA-PC | User Name: KATARZYNA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/12/31 10:48:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\KATARZYNA\Downloads\OTL.exe
PRC - [2011/12/18 10:02:11 | 000,869,216 | -H-- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/12/18 10:02:09 | 000,892,768 | -H-- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/11/16 22:36:40 | 000,307,376 | -H-- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/03 20:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/05/02 12:28:54 | 000,233,936 | -H-- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2011/01/21 00:19:36 | 000,206,136 | -H-- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\ytbb.exe
PRC - [2010/06/01 09:17:48 | 005,252,408 | -H-- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/11/24 10:32:22 | 000,234,792 | -H-- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/08/11 10:37:50 | 002,446,648 | -H-- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/07/28 19:26:42 | 000,062,848 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 18:10:30 | 000,042,368 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/07/13 14:24:00 | 000,304,496 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 17:51:20 | 000,046,448 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/04/13 08:20:22 | 000,097,432 | -H-- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | -H-- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/12/18 10:02:09 | 001,574,240 | -H-- | M] () -- C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll
MOD - [2011/12/18 10:02:09 | 000,892,768 | -H-- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2010/06/01 09:17:46 | 000,929,792 | -H-- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2009/08/21 08:31:06 | 000,488,800 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:[b]64bit:[/b] - [2009/08/11 15:10:48 | 000,252,272 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:[b]64bit:[/b] - [2009/08/04 10:15:06 | 000,826,224 | -H-- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:[b]64bit:[/b] - [2009/08/03 18:17:56 | 000,137,560 | -H-- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:[b]64bit:[/b] - [2009/07/29 22:54:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:[b]64bit:[/b] - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/08 08:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2011/12/18 10:02:11 | 000,869,216 | -H-- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/12 05:25:22 | 004,433,248 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/03 20:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)
SRV - [2011/08/02 05:09:08 | 000,192,776 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/08/27 10:28:00 | 000,238,328 | -H-- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/17 09:48:42 | 000,051,512 | -H-- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 18:55:58 | 000,248,688 | -H-- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 18:10:30 | 000,042,368 | -H-- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 17:51:20 | 000,046,448 | -H-- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/11/09 12:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/04/13 08:20:22 | 000,097,432 | -H-- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2011/10/07 05:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:[b]64bit:[/b] - [2011/09/13 05:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:[b]64bit:[/b] - [2011/08/21 18:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -- (SYMTDIv)
DRV:[b]64bit:[/b] - [2011/08/21 18:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -- (SymEFA)
DRV:[b]64bit:[/b] - [2011/08/08 05:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:[b]64bit:[/b] - [2011/08/03 20:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -- (ccHP)
DRV:[b]64bit:[/b] - [2011/07/11 00:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:[b]64bit:[/b] - [2011/07/11 00:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:[b]64bit:[/b] - [2011/07/11 00:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:[b]64bit:[/b] - [2011/07/11 00:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:[b]64bit:[/b] - [2010/07/09 12:21:28 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:[b]64bit:[/b] - [2010/06/21 20:14:28 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:[b]64bit:[/b] - [2010/04/28 21:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -- (SymIRON)
DRV:[b]64bit:[/b] - [2010/04/21 18:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -- (SRTSP)
DRV:[b]64bit:[/b] - [2010/04/21 18:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:[b]64bit:[/b] - [2010/02/05 23:49:24 | 000,690,208 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:[b]64bit:[/b] - [2009/09/09 10:11:58 | 000,943,616 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:[b]64bit:[/b] - [2009/08/29 16:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -- (SymDS)
DRV:[b]64bit:[/b] - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:[b]64bit:[/b] - [2009/07/30 11:07:12 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2009/07/28 17:24:12 | 000,081,408 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:[b]64bit:[/b] - [2009/07/24 14:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:[b]64bit:[/b] - [2009/07/20 16:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2009/07/14 14:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:[b]64bit:[/b] - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/13 15:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2009/07/07 07:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:[b]64bit:[/b] - [2009/07/04 18:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:[b]64bit:[/b] - [2009/07/02 07:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:[b]64bit:[/b] - [2009/06/29 15:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:[b]64bit:[/b] - [2009/06/29 09:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:[b]64bit:[/b] - [2009/06/24 17:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:[b]64bit:[/b] - [2009/06/22 16:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:[b]64bit:[/b] - [2009/06/19 18:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:[b]64bit:[/b] - [2009/06/10 13:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:[b]64bit:[/b] - [2009/06/10 12:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/05/04 23:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:[b]64bit:[/b] - [2006/11/28 20:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:[b]64bit:[/b] - [2006/11/28 20:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCASp50a64.sys -- (PCASp50a64)
DRV - [2010/07/19 15:28:05 | 000,945,200 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100719.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/07/19 13:35:09 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100808.003\EX64.SYS -- (NAVEX15)
DRV - [2010/07/19 13:35:09 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100808.003\ENG64.SYS -- (NAVENG)
DRV - [2010/07/09 12:42:30 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/07/09 12:42:30 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/06 02:15:40 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100805.004\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNA&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=TSNA&bmod=TSNA
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1894
FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.22
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B83346baa-61fd-42ce-8610-d9baee3b6022%7D&mid=9f85c51978372034c2561129a3455829-47ccf553687848d293bb3db367e9d166b83433ae&ds=AVG&v=9.0.0.22&lang=en&pr=fr&d=2011-09-24%2009%3A58%3A01&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2011/07/20 07:30:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2011/12/31 10:32:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/12/22 09:09:16 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.22\ [2011/12/18 10:02:19 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/20 20:13:22 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/20 20:13:22 | 000,000,000 | -H-D | M]

[2010/07/09 12:28:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\KATARZYNA\AppData\Roaming\Mozilla\Extensions
[2011/12/31 09:35:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\KATARZYNA\AppData\Roaming\Mozilla\Firefox\Profiles\x7nuqhow.default\extensions
[2011/02/07 12:11:53 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\KATARZYNA\AppData\Roaming\Mozilla\Firefox\Profiles\x7nuqhow.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/18 10:02:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\KATARZYNA\AppData\Roaming\Mozilla\Firefox\Profiles\x7nuqhow.default\extensions\staged
[2011/11/09 08:24:26 | 000,003,847 | -H-- | M] () -- C:\Users\KATARZYNA\AppData\Roaming\Mozilla\Firefox\Profiles\x7nuqhow.default\searchplugins\avg-secure-search.xml
[2011/08/05 08:09:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/12 17:42:37 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/19 20:09:19 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/02/07 12:11:21 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/03 07:22:58 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/05 08:09:15 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/12/22 09:09:16 | 000,000,000 | -H-D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2011/12/18 10:02:19 | 000,000,000 | -H-D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\9.0.0.22
[2011/12/31 10:32:57 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN_2010_9_0_6
[2011/07/20 07:30:37 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN
[2011/05/04 03:52:23 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/18 10:02:09 | 000,003,766 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: []  File not found
O4:[b]64bit:[/b] - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:[b]64bit:[/b] - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:[b]64bit:[/b] - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files (x86)\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{584E4BDC-3D64-490C-A9C8-1A3FA096EB87}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76B67295-9F59-4250-A9AC-C298C4E83033}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3F2CF3E-9D1B-42FB-ACEA-1D780B36F0D9}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\viprotocol - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8649de6b-02e1-11e0-90a3-00266c60cbcb}\Shell - "" = AutoRun
O33 - MountPoints2\{8649de6b-02e1-11e0-90a3-00266c60cbcb}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/12/24 14:04:26 | 000,000,000 | -H-D | C] -- C:\Users\KATARZYNA\Desktop\bo nie chce zeby tu ktos zagladal o
[2011/12/24 13:52:03 | 000,000,000 | -H-D | C] -- C:\Users\KATARZYNA\Desktop\na podrecznym
[2011/12/24 13:18:54 | 000,000,000 | -H-D | C] -- C:\windows\Sun
[2011/12/24 13:15:42 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%
[2011/12/24 13:12:03 | 000,020,480 | -H-- | C] (Microsoft Corporation) -- C:\windows\svchost.exe
[2011/12/18 10:02:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\AVG Secure Search
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/12/31 10:42:05 | 000,015,568 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/31 10:42:05 | 000,015,568 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/31 10:41:00 | 000,000,898 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/31 10:33:33 | 000,000,894 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/31 10:32:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/12/31 10:32:34 | 3016,884,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/31 09:47:25 | 085,600,490 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2011/12/24 18:04:12 | 000,713,888 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/12/24 18:04:12 | 000,615,360 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/12/24 18:04:12 | 000,103,702 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/12/19 08:34:59 | 000,113,461 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjw.avm
[2011/12/19 08:29:03 | 401,419,827 | -H-- | M] () -- C:\windows\MEMORY.DMP
[2011/12/19 08:27:43 | 000,185,057 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2011/12/07 12:12:45 | 000,736,347 | -H-- | M] () -- C:\Users\KATARZYNA\img055.jpg
[2011/12/07 12:12:05 | 000,518,541 | -H-- | M] () -- C:\Users\KATARZYNA\img056.jpg
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/12/07 12:09:41 | 000,736,347 | -H-- | C] () -- C:\Users\KATARZYNA\img055.jpg
[2011/12/07 12:09:41 | 000,518,541 | -H-- | C] () -- C:\Users\KATARZYNA\img056.jpg
[2011/10/27 22:03:09 | 000,000,000 | -H-- | C] () -- C:\Users\KATARZYNA\AppData\Local\{DB7892B9-1373-447B-82D9-546EC651FF97}
[2010/12/03 09:59:22 | 000,000,424 | -H-- | C] () -- C:\windows\MAXLINK.INI
[2010/07/19 13:07:30 | 000,451,072 | -H-- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2010/07/09 12:18:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/21 05:06:10 | 000,000,000 | -H-- | C] () -- C:\windows\NDSTray.INI
[2010/05/21 04:29:12 | 000,000,000 | -H-- | C] () -- C:\windows\ativpsrm.bin
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | -H-- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | -H-- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

< End of report >


[rwid7kidj]

Droga sondhope,
nie mogłem pozostać obojętny na taką prośbę. Zadam Ci kilka pytań.
1. Czy dalej posiadasz AVG?
2. Czy pobierałaś ostatnio jakieś pliki?
3. Czy masz dostęp do swojego dysku podręcznego.
Podam Ci też rozwiązanie:
Pobierz programy ze stron:
1. programosy.pl
2. dobreprogramy.pl

Autor postu otrzymał pochwałę

[sondhope]

Tak, dalej mam AVG. Przez ostatnie dwa miesiace nie pobieralam zadnych plikow, jedyne co to chyba nowa wersje Mozilli i komputer zaktualizowal jave i skypa. Jedyne nowe pliki to byly zdjecia i piosenki ktore mi siostra przez skypa przeslala. Moj dysk podreczny otwarlam na innym komputerze i wszystkie moje dokumenty mam, jeszcze go nie otwieralam na tym, bo nie chce zeby i to sie wyczyscilo. Troche programow ktore potrzebuje juz sciagnelam. Mam tylko nadzieje ze ten trojan juz sobie poszedl ode mnie i nie wyczysci juz nic. Glownie to najbardziej boje sie o hasla do roznych kont ktore moj komputer pamieta.

[wojtas]

masz jakiś raport z antywirusa ?? bo widzę że wszystko startuje z Windows więc powinno być...

co do przywrócenia:

http://www.porady.org/przywracanie-systemu-windows-7/

[sondhope]

zrobilam przywracanie systemu do tego co bylo w listopadzie i odzyskalam czesc programow ale zadnych dokumentow. Przeskanowalam komputer i pokazuje ze trojan ciagle jest. Wklejalam raport z antywirusa, znaczy to co wyszlo ze skanowania (wlasnie zauwazylam ze ten trojan jest nawet w moim pliku z drukarki i w pliku antywirusa!):

Kod: Zaznacz wszystko

Scan "Whole computer scan" completed.
Infections;"38";"19";"19"
Folders selected for scanning:;"Whole computer scan"
Scan started:;"Tuesday 01/03/12   2012    9:52:55 PM"
Scan finished:;"Tuesday 01/03/12   2012    10:08:07 PM (15 minute(s) 12 second(s))"
Total object scanned:;"1276503"
User who launched the scan:;"KATARZYNA"

Infections
;"File";"Infection";"Result"
;"C:\Windows\System32\ThpSrv.exe (2964)";"Trojan horse Agent3.ATLI";"Deleted"
;"C:\Windows\System32\taskeng.exe (4608)";"Trojan horse Agent3.ATLI";"Deleted"
;"C:\Windows\System32\dwm.exe (3688)";"Trojan horse Agent3.ATLI";"Deleted"
;"C:\Windows\System32\conhost.exe (4596)";"Trojan horse Agent3.ATLI";"Deleted"
;"C:\Windows\explorer.exe (3700)";"Trojan horse Agent3.ATLI";"Deleted"
;"C:\Program Files\Windows Sidebar\sidebar.exe (4388)";"Trojan horse Agent3.ATLI";"Deleted"
;"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (6176)";"Trojan horse Agent3.ATLI";"Deleted"
;"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (6476)";"Trojan horse Agent3.ATLI";"Deleted"
;"C:\Program Files\TOSHIBA\TECO\Teco.exe (3656)";"Trojan horse Agent3.ATLI";"Deleted"
;"C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (2492)";"Trojan horse Agent3.ATLI";"Deleted"
;"C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (4264)";"Trojan horse Agent3.ATLI";"Deleted"
;"C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (3160)";"Trojan horse Agent3.ATLI";"Deleted"
;"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (3080)";"Trojan horse Agent3.ATLI";"Deleted"
;"C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (2760)";"Trojan horse Agent3.ATLI";"Deleted"
;"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3288)";"Trojan horse Agent3.ATLI";"Deleted"
;"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (1628)";"Trojan horse Agent3.ATLI";"Deleted"
;"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (4300)";"Trojan horse Agent3.ATLI";"Deleted"
;"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (4832)";"Trojan horse Agent3.ATLI";"Deleted"
;"C:\Program Files (x86)\AVG\AVG2012\avgscana.exe (1056)";"Trojan horse Agent3.ATLI";"Deleted"
;"C:\Windows\System32\ThpSrv.exe (2964):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
;"C:\Windows\System32\taskeng.exe (4608):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
;"C:\Windows\System32\dwm.exe (3688):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
;"C:\Windows\System32\conhost.exe (4596):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
;"C:\Windows\explorer.exe (3700):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
;"C:\Program Files\Windows Sidebar\sidebar.exe (4388):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
;"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (6176):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
;"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (6476):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
;"C:\Program Files\TOSHIBA\TECO\Teco.exe (3656):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
;"C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (2492):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
;"C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (4264):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
;"C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (3160):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
;"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (3080):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
;"C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (2760):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
;"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3288):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
;"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (1628):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
;"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (4300):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
;"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (4832):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
;"C:\Program Files (x86)\AVG\AVG2012\avgscana.exe (1056):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"


Jak sie pozbyc tego czegos?

[wojtas]

Mamy tu prawdopodbnie z Jeefo : infekuje wszystkie pliki .exe
przeskanuj całego kompa tym:

http://www.programosy.pl/program,dr-web-cureit.html ( daj znać czy coś znalazł)
i skanuj :
http://www.sophos.com/support/cleaners/jeefogui.com
i tym:
http://www.bitdefender.com/site/Downloads/downloadFile/120/FreeRemovalTool
skanuj dopóki nic nie będzie znalezione

daj też dwa logi z OTL, opisz sytuacje