Extras.Txt

Babylon is attacking, how do I remove it?

As in the subject: after installing, I think, Daemon, the Babylon tab and search engine appeared. I managed to deal with the tab by entering commands in Mozilla, but I still haven't recovered the preview of the most frequently used sites in Mozilla (I mean the tab that appears when you click the "new tab" button); they have all become blank. I don't want to mask the pest, I want to remove it. Scans with Malwarebytes and Doktorek showed nothing, so I'm attaching the OTL log; maybe it caught something? Thanks in advance :)


OTL Extras logfile created on: 21/08/2012 21:11:37 - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = E:\Ochrona
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

15,98 Gb Total Physical Memory | 14,08 Gb Available Physical Memory | 88,08% Memory free
31,96 Gb Paging File | 29,99 Gb Available in Paging File | 93,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 49,74 Gb Total Space | 20,84 Gb Free Space | 41,89% Space Free | Partition Type: NTFS
Drive E: | 49,80 Gb Total Space | 46,26 Gb Free Space | 92,88% Space Free | Partition Type: NTFS
Drive F: | 292,97 Gb Total Space | 292,51 Gb Free Space | 99,84% Space Free | Partition Type: NTFS
Drive G: | 49,65 Gb Total Space | 49,49 Gb Free Space | 99,70% Space Free | Partition Type: NTFS
Drive H: | 297,85 Gb Total Space | 297,38 Gb Free Space | 99,84% Space Free | Partition Type: NTFS
Drive I: | 600,20 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SVARTETTA-PC | User Name: Svartetta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-65817511-2009588810-3967907026-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A155452-8C76-4BAF-9159-C13662CEF57E}" = lport=139 | protocol=6 | dir=in | app=system |
"{16F4FFDD-036D-4BFB-BB78-C4A9D5C815F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20925606-E856-40A9-9E3F-61D9BF8181FF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2197F6C1-20C8-465D-94CA-02AC38875D9F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3597635D-817B-41AF-9F1C-604EA1E21F3A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{384E3FDE-C239-41CD-A457-613B5B8C933D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3E3964EE-A352-4D37-BA1E-C0B278FC1C4B}" = lport=138 | protocol=17 | dir=in | app=system |
"{4023F020-7C5A-473C-B4DD-D1656316D6FE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41683B1A-8E4A-49EB-9D67-2790E00A1B44}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4192F3EF-EED2-4450-8812-D6F7116BBED3}" = rport=445 | protocol=6 | dir=out | app=system |
"{5E31E439-EAED-4A3F-ADD5-9BFCAE6ED8E1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{610EDFCD-32BB-4AEC-9EED-20FE2BF80CC6}" = lport=137 | protocol=17 | dir=in | app=system |
"{92EEC98C-9F1A-4EA5-BE5F-C50278798341}" = rport=139 | protocol=6 | dir=out | app=system |
"{930B87EE-F12C-4102-965B-D1EC289EA4BA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{95CD90F8-FD79-4716-AB1A-6383BF6BAF04}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A5005771-595B-41EA-8385-A674E62B1C6B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AB501726-94A6-4C1D-B777-2F29838298FA}" = rport=138 | protocol=17 | dir=out | app=system |
"{C3FDADC4-BFD3-4DE3-AE31-B054715FDA5D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF31A70F-0190-4EC9-B4ED-AEFA3FC792ED}" = lport=445 | protocol=6 | dir=in | app=system |
"{D4C1FB52-7F7E-4062-BA24-E1B76C5BF36E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F41906AB-7195-4606-B882-4B89F7A15366}" = rport=137 | protocol=17 | dir=out | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B6C935-9CC1-498E-9E32-69DFB073AB76}" = protocol=6 | dir=in | app=c:\program files (x86)\bitspirit\bitspirit.exe |
"{2206FCF4-2E16-4D57-A29C-8EAB977F9944}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3F931A87-CA6D-48CD-8259-2F00058F64B6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{49BBC140-208F-46A1-8EA7-B7DC34C4371C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4C967656-B6B0-4A0E-83E2-C655AE4ECB89}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4E286FE6-1D32-49F6-AEE6-36F7BE19C11F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4EFAC2CE-A721-4D2D-9BB1-86F2A508C69A}" = protocol=17 | dir=in | app=c:\program files (x86)\bitspirit\bitspirit.exe |
"{60A70D96-166F-458E-BED9-AA1E79DD5FCD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63A0FC6C-A9A2-4A50-986E-DF5F19782208}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7854824F-4679-46BC-9A2D-9C592418AFF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EF64F92-4DC0-43BE-8632-01E521646DD7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{87A95663-81A6-4D28-B143-B7D8F126D432}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9A952D1A-A4E9-4B4B-96AA-44611DD6B8FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A1E3AA71-13C5-4136-977B-D4C936A0F4FD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CD75CC39-0B89-42A7-B1C3-32E2A3CA655B}" = protocol=6 | dir=out | app=system |
"{D0F11036-A590-4458-941F-E7E1836F3C6D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D2F465F1-4279-4740-8585-4E2FA2DBF930}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{DBD14B66-81E3-476D-A778-262527322827}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDC6253C-B8AF-4A14-9DD8-AA59C79E3B76}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE28B9B9-2700-4820-9284-F9DA196F9E89}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E6F179DC-0A85-47D0-96EE-3B30F368241D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7C0B05D-63B1-440F-9EAA-8A241EABE197}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F15CC994-48ED-4BDD-833E-429891DD29AF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{DD1146BE-15E7-4660-A193-D3F3673684C5}C:\program files (x86)\wapster\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wapster\wapster aqq\aqq.exe |
"UDP Query User{61594F93-6862-4E17-8F88-15DB39FF62DB}C:\program files (x86)\wapster\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wapster\wapster aqq\aqq.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"CCleaner" = CCleaner
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AQQ" = WapSter AQQ
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.54
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.26
"avast" = avast! Free Antivirus
"BitSpirit_is1" = BitSpirit v3.6.0.550 Stable
"BurnAware Free_is1" = BurnAware Free 5.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 pl)" = Mozilla Firefox 14.0.1 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Super Balls_is1" = Super Balls

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 21/08/2012 08:51:08 | Computer Name = Svartetta-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 21/08/2012 08:51:09 | Computer Name = Svartetta-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 21/08/2012 08:51:09 | Computer Name = Svartetta-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 21/08/2012 08:51:09 | Computer Name = Svartetta-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 21/08/2012 08:51:09 | Computer Name = Svartetta-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 21/08/2012 08:52:30 | Computer Name = Svartetta-PC | Source = WinMgmt | ID = 10
Description =

Error - 21/08/2012 09:01:51 | Computer Name = Svartetta-PC | Source = WinMgmt | ID = 10
Description =

Error - 21/08/2012 11:01:21 | Computer Name = Svartetta-PC | Source = WinMgmt | ID = 10
Description =

Error - 21/08/2012 11:19:10 | Computer Name = Svartetta-PC | Source = Software Protection Platform Service | ID = 1017
Description = L'installation de la preuve d'achat a échoué. 0xC004F015 Pkey partiel=7QJB7
ACID=d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Erreur
détaillée[?]

Error - 21/08/2012 15:07:07 | Computer Name = Svartetta-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 21/08/2012 08:49:17 | Computer Name = Svartetta-PC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk3\DR3.

Error - 21/08/2012 08:49:18 | Computer Name = Svartetta-PC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk3\DR3.

Error - 21/08/2012 08:49:19 | Computer Name = Svartetta-PC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk3\DR3.

Error - 21/08/2012 08:51:09 | Computer Name = Svartetta-PC | Source = Service Control Manager | ID = 7024
Description = Le service Windows Search s'est arrêté avec l'erreur service particulière
%%-1073473535.

Error - 21/08/2012 08:51:09 | Computer Name = Svartetta-PC | Source = Service Control Manager | ID = 7031
Description = Le service Windows Search s'est terminé de manière inattendue. Ceci
s'est produit 1 fois. L'action corrective suivante va être effectuée dans 30000
millisecondes : Redémarrer le service.

Error - 21/08/2012 11:07:39 | Computer Name = Svartetta-PC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk2\DR2.

Error - 21/08/2012 11:07:40 | Computer Name = Svartetta-PC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk2\DR2.

Error - 21/08/2012 11:07:41 | Computer Name = Svartetta-PC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk2\DR2.

Error - 21/08/2012 12:34:50 | Computer Name = Svartetta-PC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk2\DR3.

Error - 21/08/2012 12:34:51 | Computer Name = Svartetta-PC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk2\DR3.


< End of report >

