Znowu to cholerstwo. policyjny/ukash

**Posty:** 3 · przez **bartek_p** 10 Sty 2013, 21:33

Witam,

już drugi raz złapałem tego wirusa, wcześniej pomógł mi kolega, który zainstalował ESET NOD32 i to pomogło, ale teraz chyba skończyła się licencja i nie mam pojęcia jak się tego pozbyć. Z tego co wyczytałem, muszę podać logi z OTL'a, co też czynię ;]

Z góry dziękuję za pomoc.

P.S. Jak się generuję te indywidualne kody, które trzeba wkleić do OTL'a, żeby usunąć to dziadostwo?

Pozdrawiam

**Posty:** 4765 · przez **ordynat** 10 Sty 2013, 22:40

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:Files
C:\ProgramData\netdislw.bat
C:\ProgramData\netdislw.pad
C:\ProgramData\netdislw.js
C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
C:\ProgramData\netdislw.reg

:OTL
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\netdislw.bat) - C:\ProgramData\netdislw.bat ()

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.
Następnie uruchom OTL ponownie, tym razem kliknij Skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania Skryptem.

Autor postu otrzymał pochwałę

**Posty:** 3 · przez **bartek_p** 11 Sty 2013, 00:37

Dziękuję bardzo, na początek dobry znak, komputer uruchomił się normalnie!
W załączniku przesyłam plik o który prosiłeś, oraz dwa, które pokazały się po uruchomieniu komputera.

Jednak nie załączę, tylko pokażę jako cytat:

Plik: 01102013_231850

Kod: Zaznacz wszystko: All processes killed ========== FILES ========== C:\ProgramData\netdislw.bat moved successfully. C:\ProgramData\netdislw.pad moved successfully. C:\ProgramData\netdislw.js moved successfully. C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully. C:\ProgramData\netdislw.reg moved successfully. ========== OTL ========== Prefs.js: toolbar@ask.com:3.9.1.14019 removed from extensions.enabledItems Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\PROGRA~3\netdislw.bat deleted successfully. File C:\ProgramData\netdislw.bat not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Bartek ->Temp folder emptied: 10813447 bytes ->Temporary Internet Files folder emptied: 35510484 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 136209948 bytes ->Google Chrome cache emptied: 63239381 bytes ->Flash cache emptied: 1088 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 382708813 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67965 bytes RecycleBin emptied: 4821286 bytes Total Files Cleaned = 604,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01102013_231850 Files\Folders moved on Reboot... C:\Users\Bartek\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...

Plik: AdwCleaner[S2]

Kod: Zaznacz wszystko: # AdwCleaner v2.105 - Log utworzony 10/01/2013 o 18:46:19 # Aktualizacja 08/01/2013 przez Xplode # System operacyjny : Windows 7 Ultimate (64 bits) # Użytkownik : Bartek - BARTEK-KOMPUTER # Tryb uruchomienia : Tryb awaryjny z obsługą sieci # Ścieżka : C:\Users\Bartek\Downloads\AdwCleaner.exe # Opcja [Usuń] ***** [Usługi] ***** ***** [Pliki / Foldery] ***** Plik Usunięto : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml Plik Usunięto : C:\Users\Bartek\AppData\Roaming\Mozilla\Firefox\Profiles\twr903ki.default\searchplugins\SweetIm.xml Plik Usunięto : C:\Users\Bartek\AppData\Roaming\Mozilla\Firefox\Profiles\twr903ki.default\searchplugins\web-search.xml Usunięto po restarcie : C:\Program Files (x86)\SweetIM Usunięto po restarcie : C:\ProgramData\SweetIM Usunięto po restarcie : C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Usunięto po restarcie : C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Usunięto po restarcie : C:\Users\Bartek\AppData\Local\TempDir Usunięto po restarcie : C:\Users\Bartek\AppData\LocalLow\BabylonToolbar Usunięto po restarcie : C:\Users\Bartek\AppData\LocalLow\SweetIM Usunięto po restarcie : C:\Users\Bartek\AppData\Roaming\Mozilla\Firefox\Profiles\twr903ki.default\extensions\ffxtlbr@babylon.com Usunięto po restarcie : C:\Users\Bartek\AppData\Roaming\Mozilla\Firefox\Profiles\twr903ki.default\SweetPacksToolbarData Usunięto po restarcie : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} ***** [Rejestr] ***** Klucz Usunięto : HKCU\Software\InstallCore Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKCU\Software\Softonic Klucz Usunięto : HKCU\Software\SweetIM Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\escort.DLL Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylnApp.appCore Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Klucz Usunięto : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3 Klucz Usunięto : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3 Klucz Usunięto : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils Klucz Usunięto : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator Klucz Usunięto : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\sim-packages Klucz Usunięto : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar Klucz Usunięto : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook Klucz Usunięto : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\Toolbar3.sweetie Klucz Usunięto : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe Klucz Usunięto : HKLM\Software\SweetIM Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}] Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}] Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe] Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll] Wartość Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}] ***** [Przeglądarki Internetowe] ***** -\\ Internet Explorer v8.0.7600.16700 Podmieniono : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=06a4c79b00000000000000216388b660&tlver=1.4.19.19&affID=17160 --> hxxp://www.google.com -\\ Mozilla Firefox v17.0.1 (pl) Plik : C:\Users\Bartek\AppData\Roaming\Mozilla\Firefox\Profiles\twr903ki.default\prefs.js Usunięto : user_pref("browser.search.defaultenginename", "Web Search..."); Usunięto : user_pref("extensions.BabylonToolbar.aflt", "orgnl"); Usunięto : user_pref("extensions.BabylonToolbar.bbDpng", 11); Usunięto : user_pref("extensions.BabylonToolbar.cntry", "NL"); Usunięto : user_pref("extensions.BabylonToolbar.firstRun", false); Usunięto : user_pref("extensions.BabylonToolbar.hdrMd5", "3345A628EE20C0BC48C928CB7CFA95EE"); Usunięto : user_pref("extensions.BabylonToolbar.lastActv", "21"); Usunięto : user_pref("extensions.BabylonToolbar.lastDP", 11); Usunięto : user_pref("extensions.BabylonToolbar.lastVrsn", "1.1.5"); Usunięto : user_pref("extensions.BabylonToolbar.lastVrsnTs", ""); Usunięto : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "12.0"); Usunięto : user_pref("extensions.BabylonToolbar.newTab", true); Usunięto : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP"); Usunięto : user_pref("extensions.BabylonToolbar.propectorlck", 77998428); Usunięto : user_pref("extensions.BabylonToolbar.ptch_0717", true); Usunięto : user_pref("extensions.BabylonToolbar.smplGrp", "free"); Usunięto : user_pref("extensions.illimitux.ilx_pref_pt_veoh", true); Usunięto : user_pref("extensions.vshare@toolbar.update.enabled", false); Usunięto : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?barid={1ABD7614-7B79-40B7-9674-E1E1AE[...] Usunięto : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true"); Usunięto : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0"); Usunięto : user_pref("sweetim.toolbar.Visibility.enable", "true"); Usunięto : user_pref("sweetim.toolbar.Visibility.intervaldays", "7"); Usunięto : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true"); Usunięto : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true"); Usunięto : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true"); Usunięto : user_pref("sweetim.toolbar.dialogs.0.enable", "true"); Usunięto : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...] Usunięto : user_pref("sweetim.toolbar.dialogs.0.height", "335"); Usunięto : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog"); Usunięto : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;"); Usunięto : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...] Usunięto : user_pref("sweetim.toolbar.dialogs.0.width", "761"); Usunięto : user_pref("sweetim.toolbar.dialogs.1.enable", "true"); Usunięto : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...] Usunięto : user_pref("sweetim.toolbar.dialogs.1.height", "300"); Usunięto : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog"); Usunięto : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog"); Usunięto : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...] Usunięto : user_pref("sweetim.toolbar.dialogs.1.width", "500"); Usunięto : user_pref("sweetim.toolbar.dialogs.2.enable", "true"); Usunięto : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...] Usunięto : user_pref("sweetim.toolbar.dialogs.2.height", "150"); Usunięto : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove"); Usunięto : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog"); Usunięto : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp"); Usunięto : user_pref("sweetim.toolbar.dialogs.2.width", "530"); Usunięto : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...] Usunięto : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); Usunięto : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "true"); Usunięto : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); Usunięto : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); Usunięto : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); Usunięto : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); Usunięto : user_pref("sweetim.toolbar.mode.debug", "false"); Usunięto : user_pref("sweetim.toolbar.newtab.created", "false"); Usunięto : user_pref("sweetim.toolbar.newtab.enable", "true"); Usunięto : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.sweetim.com/search.asp?barid={1ABD7[...] Usunięto : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...] Usunięto : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true"); Usunięto : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification"); Usunięto : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", ""); Usunięto : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*"); Usunięto : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb"); Usunięto : user_pref("sweetim.toolbar.scripts.0.enable", "true"); Usunięto : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb"); Usunięto : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js"); Usunięto : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true"); Usunięto : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification"); Usunięto : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Usunięto : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*"); Usunięto : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb"); Usunięto : user_pref("sweetim.toolbar.scripts.1.enable", "false"); Usunięto : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS"); Usunięto : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js"); Usunięto : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false"); Usunięto : user_pref("sweetim.toolbar.scripts.2.callback", ""); Usunięto : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...] Usunięto : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", ""); Usunięto : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script"); Usunięto : user_pref("sweetim.toolbar.scripts.2.enable", "false"); Usunięto : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad"); Usunięto : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...] Usunięto : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...] Usunięto : user_pref("sweetim.toolbar.search.history.capacity", "10"); Usunięto : user_pref("sweetim.toolbar.searchguard.enable", "false"); Usunięto : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true"); Usunięto : user_pref("sweetim.toolbar.simapp_id", "{1ABD7614-7B79-40B7-9674-E1E1AEDF42FD}"); Usunięto : user_pref("sweetim.toolbar.version", "1.7.0.3"); -\\ Google Chrome v23.0.1271.97 Plik : C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Preferences Usunięto [l.9] : homepage = "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=06a4c79b00000000000000216388b660&t[...] Usunięto [l.891] : homepage = "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=06a4c79b00000000000000216388b660&tlve[...] ************************* AdwCleaner[R1].txt - [20855 octets] - [10/01/2013 18:45:59] AdwCleaner[S2].txt - [20134 octets] - [10/01/2013 18:46:19] ########## EOF - C:\AdwCleaner[S2].txt - [20195 octets] ##########

Plik: OTL

Kod: Zaznacz wszystko: OTL logfile created on: 2013-01-10 23:30:27 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bartek\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,87 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 61,19% Memory free 7,74 Gb Paging File | 6,22 Gb Available in Paging File | 80,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 50,00 Gb Total Space | 6,35 Gb Free Space | 12,69% Space Free | Partition Type: NTFS Drive D: | 150,00 Gb Total Space | 5,27 Gb Free Space | 3,51% Space Free | Partition Type: NTFS Drive E: | 32,88 Gb Total Space | 7,45 Gb Free Space | 22,67% Space Free | Partition Type: NTFS Computer Name: BARTEK-KOMPUTER | User Name: Bartek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-01-10 20:07:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bartek\Desktop\OTL.exe PRC - [2012-12-23 20:00:02 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012-12-18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012-03-07 14:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-12-23 20:00:01 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2012-08-21 14:33:16 | 001,019,328 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service) SRV:[b]64bit:[/b] - [2012-03-07 14:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn) SRV:[b]64bit:[/b] - [2010-05-10 07:27:22 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013-01-09 18:06:33 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-12-23 20:00:02 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-12-18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-03-14 07:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr) DRV:[b]64bit:[/b] - [2012-03-14 07:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:[b]64bit:[/b] - [2012-03-14 07:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:[b]64bit:[/b] - [2012-03-01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2010-05-05 22:13:08 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2010-04-21 17:18:46 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2009-11-19 14:06:43 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039unic.sys -- (s1039unic) DRV:[b]64bit:[/b] - [2009-11-19 14:06:43 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039obex.sys -- (s1039obex) DRV:[b]64bit:[/b] - [2009-11-19 14:06:43 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039nd5.sys -- (s1039nd5) DRV:[b]64bit:[/b] - [2009-11-19 14:06:41 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mgmt.sys -- (s1039mgmt) DRV:[b]64bit:[/b] - [2009-11-19 14:06:40 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdm.sys -- (s1039mdm) DRV:[b]64bit:[/b] - [2009-11-19 14:06:39 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdfl.sys -- (s1039mdfl) DRV:[b]64bit:[/b] - [2009-11-19 14:06:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039bus.sys -- (s1039bus) DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:[b]64bit:[/b] - [2009-06-10 21:35:46 | 000,416,768 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B) DRV:[b]64bit:[/b] - [2009-06-10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2008-02-22 16:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll ( ) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Bartek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012-10-21 00:03:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-12-23 20:00:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-01-10 14:57:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-10-21 00:03:30 | 000,000,000 | ---D | M] [2010-05-04 13:35:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bartek\AppData\Roaming\mozilla\Extensions [2013-01-10 18:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bartek\AppData\Roaming\mozilla\Firefox\Profiles\twr903ki.default\extensions [2010-08-08 19:37:25 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Bartek\AppData\Roaming\mozilla\Firefox\Profiles\twr903ki.default\extensions\illimitux@illimitux.net [2012-11-24 20:42:50 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Bartek\AppData\Roaming\mozilla\firefox\profiles\twr903ki.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-20 16:54:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012-10-20 16:54:07 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-12-23 20:00:02 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010-08-20 10:05:08 | 000,636,408 | ---- | M] (Ganymede Technologies) -- C:\Program Files (x86)\mozilla firefox\plugins\NPBILLARD8.dll [2011-02-06 14:15:56 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-04-06 10:43:28 | 000,120,296 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll [2012-02-20 20:39:45 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2012-02-20 20:39:45 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2012-02-20 20:39:45 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012-02-20 20:39:45 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012-02-20 20:39:45 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-02-20 20:39:45 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?q={searchTerms} CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll CHR - plugin: Ganymede Billard8 Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPBILLARD8.dll CHR - plugin: GanymedeNet.Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npganymedenet.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Angry Birds = C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: Fieldrunners = C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpikhjbfbffdblahfidklcohlaeabak\1.0.0.5_0\ CHR - Extension: Angry Birds = C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: Fieldrunners = C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpikhjbfbffdblahfidklcohlaeabak\1.0.0.5_0\ O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:[b]64bit:[/b] - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files (x86)\BitSpirit\bsurl.htm () O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files (x86)\BitSpirit\bsurl.htm () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553512000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06AAB6D4-0F6E-47BA-9AEA-F453F095A25E}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{912E4D26-B9EA-4CEC-A88A-8CC7148EEA8E}: DhcpNameServer = 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012-06-10 19:14:36 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O33 - MountPoints2\{a15d5e2b-b22c-11df-b804-001e3376ba2c}\Shell - "" = AutoRun O33 - MountPoints2\{a15d5e2b-b22c-11df-b804-001e3376ba2c}\Shell\AutoRun\command - "" = G:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-01-10 23:18:50 | 000,000,000 | ---D | C] -- C:\_OTL [2013-01-10 20:07:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bartek\Desktop\OTL.exe [2013-01-10 14:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013-01-07 09:16:41 | 000,000,000 | ---D | C] -- C:\Users\Bartek\Desktop\Nowy folder [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-01-10 23:32:51 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-01-10 23:32:51 | 000,687,828 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-01-10 23:32:51 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-01-10 23:32:51 | 000,131,382 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013-01-10 23:32:51 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-01-10 23:31:55 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-01-10 23:31:55 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-01-10 23:26:52 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-01-10 23:26:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-01-10 23:26:06 | 3117,416,448 | -HS- | M] () -- C:\hiberfil.sys [2013-01-10 20:07:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bartek\Desktop\OTL.exe [2013-01-10 18:15:47 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-01-10 17:57:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-01-10 14:57:41 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013-01-09 18:06:32 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013-01-09 18:06:32 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012-12-26 11:47:01 | 000,033,280 | ---- | M] () -- C:\Users\Bartek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-01-10 14:57:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013-01-10 14:57:41 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012-10-22 20:12:48 | 000,032,126 | ---- | C] () -- C:\Windows\MSUMLT0H.INI [2012-10-02 18:46:07 | 000,004,140 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2011-04-27 17:21:16 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010-06-10 10:55:56 | 000,033,280 | ---- | C] () -- C:\Users\Bartek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2010-07-27 15:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:10D98D98 < End of report >

Naprawdę dziękuję za szybką pomoc.

**Posty:** 4765 · przez **ordynat** 11 Sty 2013, 00:47

Wg mnie - jest OK.
Do Notatnika wklej:

Kod: Zaznacz wszystko: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

Z Menu Notatnika >> Plik >> Zapisz jako >> Ustaw rozszerzenie na Wszystkie pliki >> Zapisz jako> FIX.REG >>
plik uruchom (dwuklik i OK).

W Adw-Cleaner kliknij na przycisk Odinstaluj
W OTL kliknij na przycisk Sprzątanie - to go usunie razem z jego Kwarantanną.

Zainstaluj nowszą, bezpieczniejszą wersję Javy:
>http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html (wybierz: Windows x86 Offline)
Być może trzeba też zainstalować nowszą wersję Javy 64 bit >http://java.com/pl/download/faq/java_win64bit.xml

**Posty:** 3 · przez **bartek_p** 11 Sty 2013, 01:46

Zrobiłem wszystko tak, jak pisałeś. Dzięki jeszcze raz!

Pozdrawiam