arturro1977

ukash virus

--------------------->@pikus84

1. Run OTL and paste the following into the Custom Scans/Fixes box:

:OTL

DRV - File not found [Kernel | System | Stopped] -- system32\drivers\archlp.sys -- (archlp)
IE - HKU\S-1-5-21-993117073-779075807-1270495712-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=16b04ea0-7650-11e1-b360-1c4bd609dd96&q={searchTerms}
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://startsear.ch/?aff=1&cf=16b04ea0-7650-11e1-b360-1c4bd609dd96"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-993117073-779075807-1270495712-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-993117073-779075807-1270495712-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\S-1-5-21-993117073-779075807-1270495712-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4 - HKU\S-1-5-21-993117073-779075807-1270495712-1000..\Run: [maxmeawociztimr] C:\ProgramData\maxmeawo.exe ()
:Files
C:\ProgramData\dphgmvcgcvsevws
C:\ProgramData\maxmeawo.exe
C:\ProgramData\wfhzpsudimbtefc
C:\Users\Asia\ms.exe
:Commands
[emptytemp]

Click Run Fix.

2. After the restart, click CleanUp.

3. Scan the system with Malwarebytes Anti-Malware (decline the trial offer).

4. Post a new OTL log.


OTL.Txt

Extras.Txt


----------------------------------->@@pikus84

It looks fine,

only cosmetic cleanup is left.

1. Run OTL and paste the following into the Custom Scans/Fixes box:

:Files
C:\Users\Asia\AppData\Roaming\.#

 

Click Run Fix.

This time the computer will not restart.

Finally, click CleanUp in OTL.

--------------------------------->>>@Rekend

1) Run OTL and paste this into the Custom Scans/Fixes box:

:OTL

[2012-07-07 17:24:59 | 000,075,045 | ---- | C] () -- C:\WINDOWS\System32\dcd03e6.exe

[2012-07-07 17:24:58 | 001,915,904 | ---- | C] () -- C:\WINDOWS\System32\f0ea0831.dll

[2012-08-06 22:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karol7\Dane aplikacji\hellomoto

[2012-08-04 11:55:00 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Karol7\M-10-8754-86589-55555

[2012-08-03 17:19:18 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Karol7\M-10-6897-8685-3464

[2012-07-14 17:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karol7\Dane aplikacji\Ask.com

[2012-07-14 17:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\asktoolbar4

[2012-07-14 17:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karol7\Dane aplikacji\asktoolbar4

O4 - HKCU..\Run: [Microsoft Windows Manager] C:\Documents and Settings\Karol7\M-10-6897-8685-3464\winmgr.exe ()

O4 - HKCU..\Run: [Mjjicrt ddd Manager] C:\Documents and Settings\Karol7\M-10-8754-86589-55555\windog.exe ()

O4 - HKLM..\Run: [sensApi] C:\Documents and Settings\Karol7\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4986\SensApi.exe ()

O4 - HKLM..\Run: [soundMax] C:\Documents and Settings\Karol7\userinit.exe ()

O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O4 - HKLM..\Run: [browsers Protector] C:\Program Files\Browsers Protector\regmon32.exe ()

 

:Files

C:\Documents and Settings\Karol7\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4986

 

:Commands

[emptytemp]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.

2) Use USBFix.

In it, click DELETION. Post the report from that removal.

3) Use Adw-cleaner (download it to the Desktop and click Delete in it).

Post its report, C:\AdwCleaner[s1].txt

4) Make a new OTL log.

F.

(I won't be on the Forum any more today)

--------------------------------->>>@Rekend

You didn't post the USBFix report - post it.

Run OTL and paste this into the Custom Scans/Fixes box:

:OTL

O2 - BHO: (AskToolbar) - {3cb073f3-be3c-4e8f-942d-8a747b54486f} - C:\Program Files\asktoolbar4\asktoolbar4X.dll File not found

O2 - BHO: (Babylon Toolbar by Visicom) - {51dd3535-abea-484a-b1cf-06ab7b092c0c} - C:\Program Files\babylon01\babylon01X.dll ()

O2 - BHO: (extrafind) - {dc6ead7e-bbaa-a4f4-3f7d-9647300c4cdb} - C:\WINDOWS\system32\f0ea0831.dll File not found

O3 - HKLM\..\Toolbar: (AskToolbar) - {3cb073f3-be3c-4e8f-942d-8a747b54486f} - C:\Program Files\asktoolbar4\asktoolbar4X.dll File not found

O3 - HKLM\..\Toolbar: (Babylon Toolbar by Visicom) - {51dd3535-abea-484a-b1cf-06ab7b092c0c} - C:\Program Files\babylon01\babylon01X.dll ()

O4 - HKLM..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction File not found

O4 - HKLM..\Run: [soundMax] C:\Documents and Settings\Karol7\userinit.exe ()

O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found

 

:Commands

[emptytemp]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.

Then run OTL again, and this time click Run Scan.

Post the new OTL.txt log and the report from the script removal.

F.

Hi, same problem as the others... infected laptop, reports attached. God bless whoever takes the time to help with a script :)

OTL.Txt

Extras.Txt

----------------------------------->@Skwarek-pl

1. Run OTL and paste the following into the Custom Scans/Fixes box:

:OTL
O4 - HKU\S-1-5-21-1634518244-876352608-789776145-1000..\Run: [nzuigkszymjhikh] C:\ProgramData\nzuigksz.exe ()
:Files
C:\ProgramData\ykgaolytyrqyrga
C:\ProgramData\tqefbcggmijhezi
C:\ProgramData\nzuigksz.exe

:Commands
[emptytemp]

Click Run Fix.

2. After the restart, click CleanUp in OTL.

3. Scan the system with Malwarebytes Anti-Malware (decline the trial offer).

----------------------->>@me-how

Run OTL and paste this into the Custom Scans/Fixes box:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=701f65e4-88bf-11e1-9827-0016e688cf0e

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=701f65e4-88bf-11e1-9827-0016e688cf0e

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091

FF - prefs.js..browser.search.defaultengine: "Web Search"

FF - prefs.js..browser.search.defaultenginename: "Web Search"

FF - prefs.js..browser.search.order.1: "Web Search"

FF - prefs.js..browser.search.selectedEngine: "Web Search"

FF - prefs.js..extensions.enabledItems: opensearch@ask.com:2.1.0.0

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q="

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

[2010-02-24 21:12:54 | 000,000,000 | ---D | M] (Virtus Ask Search Plugin) -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\266n575i.default\extensions\opensearch@ask.com

[2012-04-17 21:12:52 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\266n575i.default\searchplugins\startsear.xml

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\admin\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll File not found

O4 - HKLM..\Run: [autorun] G:\System\autorun.exe File not found

O4 - HKCU..\Run: [lsgdjjjrtkmvtgg] C:\Documents and Settings\All Users\Dane aplikacji\lsgdjjjr.exe ()

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

[2012-08-13 19:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\qhifrmrftthkgoj

[2012-08-13 19:57:53 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\lsgdjjjr.exe

[2012-08-13 19:57:49 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\xpiakvjsvkelvdz

[2012-08-13 19:57:46 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\admin\ms.exe

 

:Commands

[emptytemp]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.

Then run OTL again, and this time click Run Scan.

Post the new OTL.txt log and the report from the script removal.

Use Adw-cleaner (download it to the Desktop and click Delete in it).

Post its report, C:\AdwCleaner[s1].txt.

F.
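The fix scripts in this thread repeatedly single out O4 Run entries whose target sits in ProgramData or a user profile and shows an empty company field, along with entries marked File not found. The following is an added example (not written by any poster here and not part of OTL) that applies that triage to OTL-style O4 lines; the sample lines are constructed, and the location list and system-file names are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional

# O4 line shape as it appears in the OTL logs quoted in this thread:
#   O4 - <hive>..\Run: [<value name>] <command> (<company>)
#   O4 - <hive>..\Run: [<value name>] <command> File not found
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK.+?)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<rest>.+)$"
)
# Trailing "(company)" group; the path itself may contain "(x86)".
TRAILER = re.compile(r"^(?P<cmd>.*?)\s*\((?P<company>[^()]*)\)$")
# First drive-letter path ending in an executable extension, quoted or not.
IMAGE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|com|scr|bat|cmd))(?=["\s]|$)',
    re.IGNORECASE,
)

# Assumptions of this example: locations an unprivileged process can write to,
# and a few Windows file names that normally live only under \Windows.
USER_WRITABLE = ("\\programdata\\", "\\users\\", "\\documents and settings\\")
SYSTEM_DIR = "\\windows\\"
SYSTEM_NAMES = {"userinit.exe", "explorer.exe", "svchost.exe", "winlogon.exe"}


class Finding(NamedTuple):
    name: str            # registry value name inside [...]
    path: Optional[str]  # resolved image path, if one could be extracted
    verdict: str         # "ok", "orphan" or "suspect"
    reasons: list


def classify(line: str) -> Optional[Finding]:
    """Classify one OTL log line; returns None for anything that is not O4."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    rest, company = m["rest"], None
    missing = rest.endswith("File not found")
    if missing:
        cmd = rest[: -len("File not found")].rstrip()
    else:
        t = TRAILER.match(rest)
        cmd, company = (t["cmd"], t["company"].strip()) if t else (rest, None)
    img = IMAGE.match(cmd)
    path = img["path"] if img else None
    if missing:
        # Leftover autostart value: harmless, but worth cleaning up.
        return Finding(m["name"], path, "orphan", ["target file not found"])
    reasons = []
    if path:
        tail = path.lower()[2:]  # drop the drive letter and colon
        base = tail.rsplit("\\", 1)[-1]
        if company == "" and tail.startswith(USER_WRITABLE):
            reasons.append("no company name, user-writable location")
        if base in SYSTEM_NAMES and not tail.startswith(SYSTEM_DIR):
            reasons.append("system file name outside \\Windows")
    return Finding(m["name"], path, "suspect" if reasons else "ok", reasons)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per O4 line in an OTL log."""
    return [f for f in map(classify, log_text.splitlines()) if f]


# Constructed sample lines in OTL's format (not taken from any real machine).
SAMPLE = r"""
O4 - HKLM..\Run: [VendorTray] C:\Program Files\Example Vendor\tray.exe (Example Vendor Inc.)
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\Run: [qwertzuiopasdfg] C:\ProgramData\qwertzui.exe ()
O4 - HKLM..\Run: [soundDrv] C:\Documents and Settings\User1\userinit.exe ()
O4 - HKCU..\Run: [OldUpdater] "C:\Program Files (x86)\Old App\updater.exe" /startup File not found
O4 - HKLM..\Run: [NoVersionInfo] C:\Program Files\Some Tool\tool.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.verdict:8} [{f.name}] {f.path} {'; '.join(f.reasons)}")
```

An empty company field alone is not treated as a signal: the constructed `NoVersionInfo` entry under Program Files stays `ok`, while the same field combined with a user-writable location is flagged for a human to review.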

--------------------------------->>>@me-how

It's OK.

In OTL, click the CleanUp button - this will remove it together with its Quarantine.

In Adw-Cleaner, click the Uninstall button.

F.

----------------------->@xlodder

1. Run OTL and paste the following into the Custom Scans/Fixes box:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{3BD7605F-755D-489E-A36C-257127647D84}: "URL" = http://search.daum.net/cgi-bin/nsp/search.cgi?w=tot&nil_ch=MSKR&q={searchTerms}
O4 - HKLM..\Run: [TV IR] C:\Program Files (x86)\TV IR\TV IR.exe File not found
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [shellstyle] C:\Users\Bastek\AppData\Local\Microsoft\Windows\783\shellstyle.exe ()

:Files
C:\Users\Bastek\AppData\Roaming\hellomoto
C:\Users\Bastek\AppData\Local\Microsoft\Windows\783

:Commands
[emptytemp]

Click Run Fix.

Post the removal report.

2. Use AdwCleaner:

http://general-changelog-team.fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner

Delete option.

3. Scan the system with Malwarebytes Anti-Malware (decline the trial offer).

Hello,

I also have a problem with the ukash virus and am asking for help :(

OTL.TXT

OTL logfile created on: 2012-08-24 19:19:30 - Run 1

OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Administrator.SPECIAL-XP\Moje dokumenty\Downloads

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

3,24 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 85,73% Memory free

5,09 Gb Paging File | 4,79 Gb Available in Paging File | 94,12% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 117,19 Gb Total Space | 69,09 Gb Free Space | 58,96% Space Free | Partition Type: NTFS

Drive D: | 348,56 Gb Total Space | 210,50 Gb Free Space | 60,39% Space Free | Partition Type: NTFS

 

Computer Name: SPECIAL-XP | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012-08-24 19:19:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.SPECIAL-XP\Moje dokumenty\Downloads\OTL.exe

PRC - [2012-08-24 18:57:37 | 001,022,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe

PRC - [2012-08-18 00:28:57 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator.SPECIAL-XP\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012-08-18 00:28:55 | 000,442,392 | ---- | M] () -- C:\Documents and Settings\Administrator.SPECIAL-XP\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll

MOD - [2012-08-18 00:28:54 | 012,236,824 | ---- | M] () -- C:\Documents and Settings\Administrator.SPECIAL-XP\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll

MOD - [2012-08-18 00:28:52 | 003,997,720 | ---- | M] () -- C:\Documents and Settings\Administrator.SPECIAL-XP\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.83\pdf.dll

MOD - [2012-08-18 00:27:23 | 000,144,424 | ---- | M] () -- C:\Documents and Settings\Administrator.SPECIAL-XP\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.83\avutil-51.dll

MOD - [2012-08-18 00:27:22 | 000,266,792 | ---- | M] () -- C:\Documents and Settings\Administrator.SPECIAL-XP\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.83\avformat-54.dll

MOD - [2012-08-18 00:27:21 | 002,480,680 | ---- | M] () -- C:\Documents and Settings\Administrator.SPECIAL-XP\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll

MOD - [2009-02-27 20:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL

MOD - [2008-04-14 22:50:38 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011-01-13 10:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010-12-18 20:11:36 | 000,304,528 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\WINDOWS\System32\appdrvrem01.exe -- (appdrvrem01)

SRV - [2010-09-10 17:50:28 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010-04-06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\AppleChargerSrv.exe -- (AppleChargerSrv)

SRV - [2009-10-15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)

SRV - [2009-04-21 15:03:40 | 000,132,424 | ---- | M] (H+H Software GmbH) [Auto | Stopped] -- C:\Program Files\Virtual CD v9\System\VC9SecS.exe -- (VC9SecS)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Program everest\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012-07-03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012-01-22 00:42:10 | 000,271,360 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2012-01-22 00:42:09 | 000,018,048 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2011-01-13 10:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011-01-13 10:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011-01-13 10:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2011-01-13 10:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011-01-13 10:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011-01-13 10:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010-12-18 20:11:36 | 002,915,944 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\appdrv01.sys -- (appdrv01)

DRV - [2010-10-28 18:19:47 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2010-04-22 16:08:26 | 000,019,496 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AppleCharger.sys -- (AppleCharger)

DRV - [2010-03-26 12:21:26 | 005,883,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2010-03-08 12:41:48 | 000,220,112 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2010-01-27 10:58:32 | 000,098,928 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (Jraid)

DRV - [2009-11-18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2009-11-18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009-08-21 22:24:10 | 000,057,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2009-03-17 18:37:32 | 000,113,688 | ---- | M] (H+H Software GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\vdrv9000.sys -- (vdrv9000)

DRV - [2008-09-04 07:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2008-09-04 07:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2008-09-04 07:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)

DRV - [2008-05-02 08:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)

DRV - [2008-04-14 00:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)

DRV - [2006-09-20 13:42:08 | 000,011,392 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HH9Help.sys -- (HH9Help.sys)

DRV - [2003-12-05 11:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator.SPECIAL-XP\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator.SPECIAL-XP\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011-03-09 21:03:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011-03-09 21:03:41 | 000,000,000 | ---D | M]

 

 

========== Chrome ==========

 

CHR - homepage:

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage:

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator.SPECIAL-XP\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator.SPECIAL-XP\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.83\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator.SPECIAL-XP\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator.SPECIAL-XP\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.83\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator.SPECIAL-XP\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

 

O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)

O4 - HKLM..\Run: [bCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKCU..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found

O4 - HKCU..\RunOnce: [Report] C:\AdwCleaner[s2].txt ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA4055EF-AC74-4E46-B0B6-98DD3E211250}: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011-01-16 23:33:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 14 Days ==========

 

[2012-08-24 19:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Menu Start\Programy\Google Chrome

[2012-08-24 19:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Ustawienia lokalne\Dane aplikacji\Google

[2012-08-24 19:12:03 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Administrator.SPECIAL-XP\Moje dokumenty\ChromeSetup.exe

[2012-08-24 19:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Moje dokumenty\Downloads

[2012-08-24 18:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Dane aplikacji\uTorrent

[2012-08-24 18:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Moje dokumenty\Nowy folder

[2012-08-24 18:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Dane aplikacji\WinRAR

[2012-08-24 17:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Dane aplikacji\Malwarebytes

[2012-08-24 17:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware

[2012-08-24 17:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2012-08-24 17:47:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012-08-24 17:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012-08-24 17:46:47 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.SPECIAL-XP\Moje dokumenty\mbam-setup-1.62.0.1300.exe

[2012-08-24 16:42:54 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe

[2012-08-24 16:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\HitmanPro

[2012-08-24 16:38:51 | 007,758,424 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Administrator.SPECIAL-XP\Moje dokumenty\HitmanPro36.exe

[2012-08-24 16:32:57 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2012-08-24 13:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Dane aplikacji\Macromedia

[2012-08-24 13:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Dane aplikacji\Adobe

[2012-08-24 13:13:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\IECompatCache

[2012-08-24 13:09:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\PrivacIE

[2012-08-24 12:24:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2012-08-24 12:23:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\IETldCache

[2012-08-24 12:06:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Cookies

[2012-08-24 12:06:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Ustawienia lokalne\Dane aplikacji\Microsoft

[2012-08-24 12:06:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Dane aplikacji\Microsoft

[2012-08-24 12:06:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\SendTo

[2012-08-24 12:06:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Dane aplikacji

[2012-08-24 12:06:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Menu Start

[2012-08-24 12:06:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Menu Start\Programy\Autostart

[2012-08-24 12:06:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Menu Start\Programy\Akcesoria

[2012-08-24 12:06:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Ustawienia lokalne

[2012-08-24 12:06:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Szablony

[2012-08-24 12:06:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Recent

[2012-08-24 12:06:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\PrintHood

[2012-08-24 12:06:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\NetHood

[2012-08-24 12:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Ulubione

[2012-08-24 12:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Pulpit

[2012-08-24 12:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Moje dokumenty

[2012-08-23 16:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\pbzzajlcaegehvz

[2012-08-23 16:34:09 | 000,141,824 | ---- | C] (Sharkoon) -- C:\WINDOWS\uonfomzc.exe

[2012-08-23 16:34:09 | 000,141,824 | ---- | C] (Sharkoon) -- C:\Documents and Settings\All Users\Dane aplikacji\uonfomzc.exe

 

========== Files - Modified Within 14 Days ==========

 

[2012-08-24 19:12:37 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Administrator.SPECIAL-XP\Pulpit\Google Chrome.lnk

[2012-08-24 19:12:13 | 000,001,134 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2049760794-1801674531-500Core.job

[2012-08-24 19:12:03 | 000,739,856 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator.SPECIAL-XP\Moje dokumenty\ChromeSetup.exe

[2012-08-24 18:57:56 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk

[2012-08-24 18:51:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012-08-24 18:49:25 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2012-08-24 18:27:21 | 000,387,584 | ---- | M] () -- C:\Documents and Settings\Administrator.SPECIAL-XP\Moje dokumenty\rescue2usb.exe

[2012-08-24 18:12:02 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012-08-24 18:12:01 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Administrator.SPECIAL-XP\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012-08-24 18:11:08 | 274,393,088 | ---- | M] () -- C:\Documents and Settings\Administrator.SPECIAL-XP\Moje dokumenty\kav_rescue_10.iso

[2012-08-24 17:59:50 | 000,247,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012-08-24 17:47:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk

[2012-08-24 17:46:54 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.SPECIAL-XP\Moje dokumenty\mbam-setup-1.62.0.1300.exe

[2012-08-24 17:37:45 | 000,618,227 | ---- | M] () -- C:\Documents and Settings\Administrator.SPECIAL-XP\Moje dokumenty\adwcleaner.exe

[2012-08-24 16:59:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012-08-24 16:42:54 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe

[2012-08-24 16:38:58 | 007,758,424 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Administrator.SPECIAL-XP\Moje dokumenty\HitmanPro36.exe

[2012-08-24 14:35:30 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2012-08-24 12:28:05 | 001,915,428 | ---- | M] () -- C:\Documents and Settings\Administrator.SPECIAL-XP\Moje dokumenty\AutoRuns.arn

[2012-08-23 16:34:10 | 000,078,021 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\qtpubythetttmql

[2012-08-23 16:34:04 | 000,141,824 | ---- | M] (Sharkoon) -- C:\WINDOWS\uonfomzc.exe

[2012-08-23 16:34:04 | 000,141,824 | ---- | M] (Sharkoon) -- C:\Documents and Settings\All Users\Dane aplikacji\uonfomzc.exe

[2012-08-23 14:00:00 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2012-08-21 10:27:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012-08-20 10:10:00 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2012-08-17 19:33:00 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2012-08-13 20:40:00 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

 

========== Files Created - No Company Name ==========

 

[2012-08-24 19:12:37 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\Administrator.SPECIAL-XP\Pulpit\Google Chrome.lnk

[2012-08-24 19:12:13 | 000,001,134 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2049760794-1801674531-500Core.job

[2012-08-24 18:27:20 | 000,387,584 | ---- | C] () -- C:\Documents and Settings\Administrator.SPECIAL-XP\Moje dokumenty\rescue2usb.exe

[2012-08-24 18:11:05 | 274,393,088 | ---- | C] () -- C:\Documents and Settings\Administrator.SPECIAL-XP\Moje dokumenty\kav_rescue_10.iso

[2012-08-24 17:47:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk

[2012-08-24 17:37:44 | 000,618,227 | ---- | C] () -- C:\Documents and Settings\Administrator.SPECIAL-XP\Moje dokumenty\adwcleaner.exe

[2012-08-24 16:36:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012-08-24 13:16:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Administrator.SPECIAL-XP\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012-08-24 12:08:09 | 001,915,428 | ---- | C] () -- C:\Documents and Settings\Administrator.SPECIAL-XP\Moje dokumenty\AutoRuns.arn

[2012-08-24 12:06:02 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.SPECIAL-XP\Menu Start\Programy\Pomoc zdalna.lnk

[2012-08-24 12:06:02 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Administrator.SPECIAL-XP\Menu Start\Programy\Windows Media Player.lnk

[2012-08-23 16:34:04 | 000,078,021 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\qtpubythetttmql

[2012-01-22 00:42:10 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2012-01-22 00:42:09 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2012-01-22 00:30:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat

[2012-01-21 17:43:45 | 000,000,318 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2011-01-17 21:26:36 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe

[2011-01-17 19:33:45 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2011-01-17 19:19:16 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011-01-17 00:22:29 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011-01-17 00:20:35 | 000,247,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011-01-17 00:10:44 | 000,031,272 | ---- | C] () -- C:\WINDOWS\System32\AppleChargerSrv.exe

[2011-01-17 00:10:43 | 000,019,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\AppleCharger.sys

[2011-01-17 00:10:40 | 000,080,416 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2011-01-17 00:10:38 | 000,072,304 | R--- | C] () -- C:\WINDOWS\System32\XSrvSetup.exe

[2011-01-17 00:07:06 | 000,138,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

[2011-01-17 00:02:19 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe

[2011-01-17 00:02:19 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini

[2011-01-16 23:34:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011-01-16 23:33:27 | 000,050,105 | ---- | C] () -- C:\WINDOWS\activ.exe

[2011-01-16 23:29:12 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010-11-18 14:36:11 | 000,000,270 | ---- | C] () -- C:\WINDOWS\game.ini

[2010-11-05 18:35:28 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2010-11-04 10:24:36 | 000,001,193 | ---- | C] () -- C:\WINDOWS\eReg.dat

 

< End of report >

 

EXTRAS.TXT

 

 

OTL Extras logfile created on: 2012-08-24 19:19:30 - Run 1

OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Administrator.SPECIAL-XP\Moje dokumenty\Downloads

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

3,24 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 85,73% Memory free

5,09 Gb Paging File | 4,79 Gb Available in Paging File | 94,12% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 117,19 Gb Total Space | 69,09 Gb Free Space | 58,96% Space Free | Partition Type: NTFS

Drive D: | 348,56 Gb Total Space | 210,50 Gb Free Space | 60,39% Space Free | Partition Type: NTFS

 

Computer Name: SPECIAL-XP | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML.GESK4YB3U5JBL3WBFIXZQPYM54] -- C:\Documents and Settings\Administrator.SPECIAL-XP\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [napiprojekt] -- "C:\Program Files\NapiProjekt\napisy.exe" "%1" ()

Directory [napiprojekt0] -- "C:\Program Files\NapiProjekt\napisy.exe" "%1" -pobierz_ang ()

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\Program Files\Microsoft Games\Age of Empires III\age3x.exe" = D:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs

"D:\Program Files\Microsoft Games\Age of Empires III\age3y.exe" = D:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"D:\Gry\Civ 4\Civilization4.exe" = D:\Gry\Civ 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)

"D:\Gry\Civ 4\Warlords\Civ4Warlords.exe" = D:\Gry\Civ 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords -- (Firaxis Games)

"D:\Gry\Civ 4\Warlords\Civ4Warlords_PitBoss.exe" = D:\Gry\Civ 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss -- (Firaxis Games)

"D:\Gry\Civ 4\Beyond the Sword\Civ4BeyondSword.exe" = D:\Gry\Civ 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)

"D:\Gry\Civ 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = D:\Gry\Civ 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)

"D:\Gry\COD\iw3mp.exe" = D:\Gry\COD\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare -- ()

"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)

"D:\Gry\need for speed hot pursuit\gra\Launcher.exe" = D:\Gry\need for speed hot pursuit\gra\Launcher.exe:*:Enabled:Need for Speed Hot Pursuit

"D:\Gry\need for speed hot pursuit\gra\NFS11.exe" = D:\Gry\need for speed hot pursuit\gra\NFS11.exe:*:Enabled:Need for Speed Hot Pursuit Application

"D:\Gry\Call of duty black ops\COD BLACK OPS PL\gra\Steam.exe" = D:\Gry\Call of duty black ops\COD BLACK OPS PL\gra\Steam.exe:*:Enabled:Steam

"C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\USBSetup.exe:LocalSubNet:Enabled:Konfiguracja urządzenia HP -- (Hewlett-Packard Co.)

"D:\Gry\FIFA 2012 GRA\FIFA 12\Game\fifa.exe" = D:\Gry\FIFA 2012 GRA\FIFA 12\Game\fifa.exe:*:Enabled:FIFA 12 -- (Electronic Arts)

"D:\Gry\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe" = D:\Gry\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club

"D:\Gry\Grand Theft Auto IV\Grand Theft Auto IV\LaunchGTAIV.exe" = D:\Gry\Grand Theft Auto IV\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV

"D:\Gry\Grand Theft Auto IV\Grand Theft Auto IV\GTAIV.exe" = D:\Gry\Grand Theft Auto IV\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club

"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher

"{261A4762-744B-4C71-81D2-57FA5038DC7B}" = HP Deskjet Ink Adv 2060 K110 Pomoc

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22

"{2965C062-FBC0-4505-9EB8-4497252BB41F}" = Gothic II

"{2CA0BED6-1CBA-4BDD-8608-BC9D639EA0F3}" = Twierdza Krzyżowiec Extreme

"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer

"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0422.2

"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords

"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor

"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform

"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV

"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III

"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6FF4B5E9-F1E8-4622-B97C-A1E5344F56AF}" = Zeus Pan Olimpu - Złota Edycja

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7C551168-C398-47B6-AD42-93BE2E36DD37}" = HP Deskjet Ink Adv 2060 K110 Badanie ulepszeń produktu

"{8047C1BD-BB4D-4C64-A8EF-A34A45D71F04}" = Xpand Rally Xtreme

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E17BF51-4636-4057-8380-F7BE664C27BE}" = HP Deskjet Ink Adv 2060 K110 Pomoc

"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI

"{98A64C75-BFD6-4212-8746-8BADC7ABA79E}" = Virtual CD v9

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe

"{AA22FE8A-5247-4051-BF25-E86BA687C0D9}" = HP Deskjet Ink Adv 2060 K110 Podstawowe oprogramowanie urządzenia

"{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.0 - Polish

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager

"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4

"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{F40963EC-223E-4E65-8CF0-A60E9A227245}_is1" = Prawo Jazdy ABCDT - egzamin wewnętrzny

"AC3Filter" = AC3Filter (remove only)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"ALLPlayer_is1" = ALLPlayer V4.X

"DAEMON Tools Toolbar" = DAEMON Tools Toolbar

"FIFA 12 © EA_is1" = FIFA 12 © EA version 1

"Gadu-Gadu 10" = Gadu-Gadu 10

"HP Photo Creations" = HP Photo Creations

"ie8" = Windows Internet Explorer 8

"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs

"InstallShield_{8047C1BD-BB4D-4C64-A8EF-A34A45D71F04}" = Xpand Rally Xtreme

"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare

"ipla" = ipla 2.3.5

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.62.0.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NapiProjekt_is1" = NapiProjekt (2.0.0.2151)

"Nero - Burning Rom!UninstallKey" = Nero OEM

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"RealAlt_is1" = Real Alternative 1.9.0 Lite

"SAGA" = SAGA

"SpeedFan" = SpeedFan (remove only)

"Spolszczenie do Europa Universalis III " = Spolszczenie do Europa Universalis III

"SubEdit-Player_is1" = SubEdit-Player

"uTorrent" = µTorrent

"VLC media player" = VLC media player 2.0.1

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinRAR archiver" = Archiwizator WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Zeus" = Zeus - Pan Olimpu

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 2011-08-18 05:25:25 | Computer Name = SPECIAL-XP | Source = PerfNet | ID = 2005

Description = Nie można odczytać danych wydajności z usługi Server. W tej próbce

nie zostaną zwrócone dane wydajności usługi Server. Zwrócony kod stanu to dane DWORD

0, IOSB.Status to dane DWORD 1 a IOSB.Information to dane DWORD 2.

 

Error - 2011-08-18 05:25:25 | Computer Name = SPECIAL-XP | Source = PerfNet | ID = 2006

Description = Nie można odczytać danych wydajności z usługi Server Queue. W tej próbce

nie zostaną zwrócone dane wydajności usługi Server Queue. Zwrócony kod stanu to

dane DWORD 0, IOSB.Status to dane DWORD 1 a IOSB.Information to dane DWORD 2.

 

Error - 2011-10-02 12:28:37 | Computer Name = SPECIAL-XP | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

 

Error - 2011-10-03 02:25:33 | Computer Name = SPECIAL-XP | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

 

Error - 2011-10-05 12:30:34 | Computer Name = SPECIAL-XP | Source = PerfNet | ID = 2005

Description = Nie można odczytać danych wydajności z usługi Server. W tej próbce

nie zostaną zwrócone dane wydajności usługi Server. Zwrócony kod stanu to dane DWORD

0, IOSB.Status to dane DWORD 1 a IOSB.Information to dane DWORD 2.

 

Error - 2011-10-05 12:30:34 | Computer Name = SPECIAL-XP | Source = PerfNet | ID = 2006

Description = Nie można odczytać danych wydajności z usługi Server Queue. W tej próbce

nie zostaną zwrócone dane wydajności usługi Server Queue. Zwrócony kod stanu to

dane DWORD 0, IOSB.Status to dane DWORD 1 a IOSB.Information to dane DWORD 2.

 

Error - 2011-10-05 12:30:34 | Computer Name = SPECIAL-XP | Source = PerfNet | ID = 2005

Description = Nie można odczytać danych wydajności z usługi Server. W tej próbce

nie zostaną zwrócone dane wydajności usługi Server. Zwrócony kod stanu to dane DWORD

0, IOSB.Status to dane DWORD 1 a IOSB.Information to dane DWORD 2.

 

Error - 2011-10-05 12:30:34 | Computer Name = SPECIAL-XP | Source = PerfNet | ID = 2006

Description = Nie można odczytać danych wydajności z usługi Server Queue. W tej próbce

nie zostaną zwrócone dane wydajności usługi Server Queue. Zwrócony kod stanu to

dane DWORD 0, IOSB.Status to dane DWORD 1 a IOSB.Information to dane DWORD 2.

 

Error - 2011-10-05 12:30:34 | Computer Name = SPECIAL-XP | Source = PerfNet | ID = 2005

Description = Nie można odczytać danych wydajności z usługi Server. W tej próbce

nie zostaną zwrócone dane wydajności usługi Server. Zwrócony kod stanu to dane DWORD

0, IOSB.Status to dane DWORD 1 a IOSB.Information to dane DWORD 2.

 

Error - 2011-10-05 12:30:34 | Computer Name = SPECIAL-XP | Source = PerfNet | ID = 2006

Description = Nie można odczytać danych wydajności z usługi Server Queue. W tej próbce

nie zostaną zwrócone dane wydajności usługi Server Queue. Zwrócony kod stanu to

dane DWORD 0, IOSB.Status to dane DWORD 1 a IOSB.Information to dane DWORD 2.

 

[ System Events ]

Error - 2012-08-24 12:46:03 | Computer Name = SPECIAL-XP | Source = sptd | ID = 262148

Description = Sterownik wykrył błąd wewnętrzny w swoich strukturach danych dla .

 

Error - 2012-08-24 12:46:21 | Computer Name = SPECIAL-XP | Source = DCOM | ID = 10005

Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi

EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 2012-08-24 12:47:28 | Computer Name = SPECIAL-XP | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: Aavmker4 appdrv01 AppleCharger aswSP aswTdi Fips intelppm sptd vdrv9000

 

Error - 2012-08-24 12:47:50 | Computer Name = SPECIAL-XP | Source = DCOM | ID = 10005

Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi

EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 2012-08-24 12:51:14 | Computer Name = SPECIAL-XP | Source = sptd | ID = 262148

Description = Sterownik wykrył błąd wewnętrzny w swoich strukturach danych dla .

 

Error - 2012-08-24 12:51:36 | Computer Name = SPECIAL-XP | Source = DCOM | ID = 10005

Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi

EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 2012-08-24 12:52:39 | Computer Name = SPECIAL-XP | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: Aavmker4 appdrv01 AppleCharger aswSP aswTdi Fips intelppm sptd vdrv9000

 

Error - 2012-08-24 13:12:13 | Computer Name = SPECIAL-XP | Source = DCOM | ID = 10005

Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi

BITS z argumentami „” w celu uruchomienia serwera: {4991D34B-80A1-4291-83B6-3328366B9097}

 

Error - 2012-08-24 13:12:14 | Computer Name = SPECIAL-XP | Source = DCOM | ID = 10005

Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi

BITS z argumentami „” w celu uruchomienia serwera: {4991D34B-80A1-4291-83B6-3328366B9097}

 

Error - 2012-08-24 13:12:14 | Computer Name = SPECIAL-XP | Source = DCOM | ID = 10005

Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi

BITS z argumentami „” w celu uruchomienia serwera: {4991D34B-80A1-4291-83B6-3328366B9097}

 

 

< End of report >

 

 

Thank you in advance for your help :)


Fix your post; logs are to be pasted on wklej.org, not straight into the post.

Were the logs made from the infected account? Because I don't see an infection.


--------------------------------->>>@Beryl1988

 

The infection (actually 2 infections) is visible in the log.

Run OTL and paste this into the "Własne opcje skanowania/Script" (custom scan options/script) box:

:OTL

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

[2012-08-23 16:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\pbzzajlcaegehvz

[2012-08-23 16:34:09 | 000,141,824 | ---- | C] (Sharkoon) -- C:\WINDOWS\uonfomzc.exe

[2012-08-23 16:34:09 | 000,141,824 | ---- | C] (Sharkoon) -- C:\Documents and Settings\All Users\Dane aplikacji\uonfomzc.exe

[2012-08-23 14:00:00 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2012-08-20 10:10:00 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2012-08-17 19:33:00 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2012-08-13 20:40:00 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

 

:Commands

[emptytemp]

Click "Wykonaj Script" (run script). Confirm the computer restart. Save the report that appears after the restart.

Make a new OTL log, but tick "Wszyscy użytkownicy" (all users) in OTL.

Install a newer, safer version of Java:

http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1637588.html

tick the box next to: Accept License Agreement

click: jre-7u6-windows-i586.exe

 

F.


--------------------------------->>>@xxxplayer

 

Run OTL and paste this into the "Własne opcje skanowania/Skrypt" (custom scan options/script) box:

:OTL

[2012-11-02 12:43:47 | 000,109,056 | ---- | C] () -- C:\Users\Dominik\zhcqftuhmiztrpjxmauxbxay.exe

[2012-11-02 12:43:46 | 000,087,040 | ---- | C] () -- C:\Users\Dominik\nsgjpqgxqwkaddwhheklu.exe

O4 - HKU\S-1-5-21-141680603-117289009-1287786445-1000..\Run: [] C:\Users\Dominik\zhcqftuhmiztrpjxmauxbxay.exe ()

O4 - HKU\S-1-5-21-141680603-117289009-1287786445-1000..\Run: [.minecraft server] "C:\Users\Dominik\AppData\Roaming\.minecraft server\minecraft_server.exe" File not found

O4 - HKU\S-1-5-21-141680603-117289009-1287786445-1000..\Run: [cacaoweb] C:\Users\Dominik\AppData\Roaming\cacaoweb\cacaoweb.exe ()

O4 - HKU\S-1-5-21-141680603-117289009-1287786445-1000..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup File not found

[2011-12-18 19:39:50 | 000,460,624 | ---- | C] () -- C:\Users\Dominik\AppData\Local\promo.exe

[2012-10-10 09:15:55 | 000,000,000 | -HSD | C] -- C:\found.006

[2012-10-07 13:11:52 | 000,000,000 | -HSD | C] -- C:\found.005

[2012-10-05 10:25:16 | 000,000,000 | -HSD | C] -- C:\found.004

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O4 - HKLM..\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

O3:64bit: - HKLM\..\Toolbar: (no name) - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\S-1-5-21-141680603-117289009-1287786445-1000\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.

O3 - HKU\S-1-5-21-141680603-117289009-1287786445-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)

[2012-02-04 22:21:20 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\h7czmt0e.default\extensions\cacaoweb@cacaoweb.org

[2011-12-01 17:25:30 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\h7czmt0e.default\extensions\ffxtlbr@babylon.com

[2011-11-25 19:36:36 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\h7czmt0e.default\extensions\ffxtlbr@Facemoods.com

[2012-04-15 12:34:24 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\h7czmt0e.default\extensions\ffxtlbr@incredibar.com

[2012-05-15 17:03:48 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\h7czmt0e.default\extensions\ffxtlbra@softonic.com

[2012-09-20 14:57:14 | 000,002,578 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\h7czmt0e.default\searchplugins\askcom.xml

[2012-08-30 08:46:10 | 000,000,929 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\h7czmt0e.default\searchplugins\conduit.xml

[2012-04-15 12:33:50 | 000,002,203 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\h7czmt0e.default\searchplugins\MyStart Search.xml

[2011-10-16 14:05:09 | 000,002,520 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\h7czmt0e.default\searchplugins\SearchResults.xml

[2012-04-10 19:27:47 | 000,002,060 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\h7czmt0e.default\searchplugins\softonic.xml

[2012-02-20 18:17:30 | 000,003,915 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\h7czmt0e.default\searchplugins\SweetIM Search.xml

[2012-10-09 15:50:12 | 000,004,002 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\h7czmt0e.default\searchplugins\sweetim.xml

[2012-10-28 11:56:58 | 000,002,469 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\h7czmt0e.default\searchplugins\Web Search.xml

[2012-01-31 13:47:20 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2011-11-25 19:36:38 | 000,002,051 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

[2012-08-23 21:39:21 | 000,000,000 | ---D | M] (SFT_Polska Community Toolbar) -- C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\h7czmt0e.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}

[2012-08-29 16:57:17 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\h7czmt0e.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

[2012-08-23 21:39:33 | 000,000,000 | ---D | M] (SFT_Polska_ Community Toolbar) -- C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\h7czmt0e.default\extensions\{8f3c1d75-d467-43c2-9a36-655366b76f5f}

[2012-08-30 12:52:44 | 000,000,000 | ---D | M] (uTorrentControl Community Toolbar) -- C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\h7czmt0e.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}

[2011-09-23 19:17:49 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\h7czmt0e.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

[2012-04-16 21:40:01 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\h7czmt0e.default\extensions\4f87499f15fba@4f87499f15fbc.info

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask.com"

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072254&SearchSource=3&q={searchTerms}"

FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "AVG Secure Search"

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://www.searchqu.com/web?src=ffb&appid=102&systemid=406&sr=0&q="

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072254&SearchSource=2&q="

FF - prefs.js..extensions.enabledAddons: ffxtlbra@softonic.com:1.6.0

FF - prefs.js..extensions.enabledAddons: cacaoweb@cacaoweb.org:1.0.28

FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.2.0

FF - prefs.js..extensions.enabledAddons: ffxtlbr@incredibar.com:1.5.0

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"

FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"

FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.2.0.2

FF - prefs.js..extensions.enabledAddons: ffxtlbr@Facemoods.com:1.4.1

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl Customized Web Search"

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}

IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}

IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=27e447f1-08e7-4d15-9b28-742fdb7f2514&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468

IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={5C215059-28F6-422F-9ABE-2EC5890668B2}

IE - HKU\S-1-5-21-141680603-117289009-1287786445-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=27e447f1-08e7-4d15-9b28-742fdb7f2514&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKU\S-1-5-21-141680603-117289009-1287786445-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=27e447f1-08e7-4d15-9b28-742fdb7f2514&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKU\S-1-5-21-141680603-117289009-1287786445-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=27e447f1-08e7-4d15-9b28-742fdb7f2514&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKU\S-1-5-21-141680603-117289009-1287786445-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=27e447f1-08e7-4d15-9b28-742fdb7f2514&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKU\S-1-5-21-141680603-117289009-1287786445-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=27e447f1-08e7-4d15-9b28-742fdb7f2514&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKU\S-1-5-21-141680603-117289009-1287786445-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=stonicpl&s={searchTerms}&f=4

IE - HKU\S-1-5-21-141680603-117289009-1287786445-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=868ec0b70000000000000026c7fa002d

IE - HKU\S-1-5-21-141680603-117289009-1287786445-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=STC-PO&o=1738&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^AAU&apn_dtid=^YYYYYY^YY^PL&apn_uid=066A7B03-6967-4AC2-A04F-B9FACFD363A2&apn_sauid=E25B4834-8E86-4358-A9C1-577600A4C3E2

IE - HKU\S-1-5-21-141680603-117289009-1287786445-1000\..\SearchScopes\{2867B86C-17F8-40E1-8CC3-9664A249A089}: "URL" = http://search.softonic.com/MON00084/tb_v1?q={searchTerms}&SearchSource=4&cc=

IE - HKU\S-1-5-21-141680603-117289009-1287786445-1000\..\SearchScopes\{7837DC2F-2DA4-46FF-A11C-B06171671C53}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=STC-PO&o=1738&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AAU&apn_dtid=^YYYYYY^YY^PL&apn_uid=066A7B03-6967-4AC2-A04F-B9FACFD363A2&apn_sauid=E25B4834-8E86-4358-A9C1-577600A4C3E2

IE - HKU\S-1-5-21-141680603-117289009-1287786445-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-141680603-117289009-1287786445-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468

IE - HKU\S-1-5-21-141680603-117289009-1287786445-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQusLfthd&i=26

IE - HKU\S-1-5-21-141680603-117289009-1287786445-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={5C215059-28F6-422F-9ABE-2EC5890668B2}

 

:Commands

[emptytemp]

Click "Wykonaj Skrypt" (run script). Confirm the computer restart. Save the report that appears after the restart.

Then run OTL again, and this time click "Skanuj" (scan).

Show the new OTL.txt log and the report from the script removal.

Use Adw-cleaner. Click Delete in it.

Show its report, C:\AdwCleaner[s1].txt

Install a newer, safer version of Java:

http://java.com/pl/download/windows_xpi.jsp?locale=pl

During installation, untick "Install the AskToolbar ..."

You may also need to install a newer 64-bit version of Java: http://java.com/pl/download/faq/java_win64bit.xml

 

F.


because I'm being flooded with an avalanche of pop-up windows..

I went through the script very carefully once more, but nothing was being removed that could cause such a problem.

Do an ordinary "System Restore".

 

F.


Hi, I've run into this junk too ;/

OTL: My link

Extras: My link

Many thanks in advance, gentlemen.

EDIT: While you're at it, please explain in the post exactly what to do with what, and how :)


--------------------------------->>>@Waski11

 

I see only 1 object from this infection here.

Run OTL and paste this into the "Własne opcje skanowania/Skrypt" (custom scan options/script) box:

:OTL

[2012-11-03 10:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pro\Dane aplikacji\hellomoto

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O4 - HKCU..\Run: [Komunikator] D:\Programy\Tlen.pl\tlen.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\PalTalk.lnk = File not found

O4 - HKLM..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found

O4 - HKLM..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u File not found

O4 - HKLM..\Run: [RMActivate_ssp] C:\Documents and Settings\Grzegorz\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\2397\RMActivate_ssp.exe File not found

O4 - HKLM..\Run: [run32d] C:\WINDOWS\system\run32dll.exe ()

O4 - HKLM..\Run: [MMTray] MMTray.exe File not found

O4 - HKLM..\Run: [Joystick 2 Mouse] D:\Programy\Joystick 2 Mouse 3\Joystick 2 Mouse.exe /NoConfigure File not found

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\6.5\dealioToolbarIE.dll (Spigot, Inc.)

FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Polska Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2530240&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2451340&SearchSource=13"

FF - prefs.js..extensions.enabledAddons: dealio@mybrowserbar.com:6.5

FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.5

[2011-02-05 15:11:15 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Pro\Dane aplikacji\Mozilla\Firefox\Profiles\k7pya2jo.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

[2012-02-20 11:02:22 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Pro\Dane aplikacji\Mozilla\Firefox\Profiles\k7pya2jo.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

[2012-08-21 16:50:26 | 000,000,000 | ---D | M] (GameYard Community Toolbar) -- C:\Documents and Settings\Pro\Dane aplikacji\Mozilla\Firefox\Profiles\k7pya2jo.default\extensions\{b27200ad-1137-430c-bbaf-593defb7373b}

[2012-08-21 16:50:24 | 000,000,000 | ---D | M] (ST-Polska Community Toolbar) -- C:\Documents and Settings\Pro\Dane aplikacji\Mozilla\Firefox\Profiles\k7pya2jo.default\extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}

[2011-04-30 22:57:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Pro\Dane aplikacji\Mozilla\Firefox\Profiles\k7pya2jo.default\extensions\engine@conduit.com

[2011-02-09 11:15:25 | 000,000,358 | ---- | M] () -- C:\Documents and Settings\Pro\Dane aplikacji\Mozilla\Firefox\Profiles\k7pya2jo.default\searchplugins\winamp-search.xml

[2012-10-19 21:20:17 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM

[2012-10-19 21:20:17 | 000,000,000 | ---D | M] (Dealio Toolbar) -- C:\PROGRAM FILES\DEALIO TOOLBAR\FF

[2011-11-03 07:59:20 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

[2009-03-07 10:09:44 | 000,024,576 | ---- | M] (My Global Search) -- C:\Program Files\mozilla firefox\plugins\NPMyGlSh.dll

[2011-02-13 15:19:32 | 000,002,242 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\AOL Search.xml

O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\6.5\dealioToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (My Global Search Bar BHO) - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programy\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found

O2 - BHO: (compliance 54328 Toolbar) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll (Conduit Ltd.)

O2 - BHO: (GameYard Toolbar) - {b27200ad-1137-430c-bbaf-593defb7373b} - C:\Program Files\GameYard\tbGame.dll (Conduit Ltd.)

O2 - BHO: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)

O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\6.5\dealioToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)

O3 - HKLM\..\Toolbar: (compliance 54328 Toolbar) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (GameYard Toolbar) - {b27200ad-1137-430c-bbaf-593defb7373b} - C:\Program Files\GameYard\tbGame.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)

O3 - HKCU\..\Toolbar\WebBrowser: (compliance 54328 Toolbar) - {4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC} - C:\Program Files\MyPlayCity\tbMyP0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (GameYard Toolbar) - {B27200AD-1137-430C-BBAF-593DEFB7373B} - C:\Program Files\GameYard\tbGame.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)

SRV - File not found [Auto | Stopped] -- D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

SRV - File not found [On_Demand | Stopped] -- %ProgramFiles%\WinPcap\rpcapd.exe -- (rpcapd)

SRV - File not found [Auto | Stopped] -- D:\Programy\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

 

:Commands

[emptytemp]

Click "Wykonaj Skrypt" (run script). Confirm the computer restart. Save the report that appears after the restart.

Then run OTL again, and this time click "Skanuj" (scan).

Show the new OTL.txt log and the report from the script removal.

Use Adw-cleaner. Click Delete in it.

Show its report, C:\AdwCleaner[s1].txt

Install a newer, safer version of Java:

http://java.com/pl/download/windows_xpi.jsp?locale=pl

During installation, untick "Install the AskToolbar ..."

 

F.
