Suspected keylogger
-
- Posts: 19
- Registered: 10 Apr 2012, 21:16
Suspected keylogger
Hello, I have a question. I have some program installed on my computer for capturing what I typed on the keyboard; are these keyloggers? I ran a scan with Spybot; it detected 11 errors, which it fixed. I repeated the scan and it came out that everything is OK, but I still don't know whether I can rest easy that I no longer have this junk on my computer and that I won't be harassed anymore. Please help and advise.
- stukot
- Posts: 24281
- Registered: 15 Feb 2009, 21:01
- Location: Szczecin
Suspected keylogger
Aneta1983, how do you know that you have a keylogger on your computer? Is some program showing you a message that you have one? If so, which one?
You can prepare logs from OTL; here is a guide on how to use it: http://www.hotfix.pl/obsluga-programu-otl-a143.htm
To get the required logs, in the "registry - extra scan" section, select: use filtering.
Besides that, you can use MBAM; do not agree to its trial version, and scan the computer with it.
If you don't know this software, post the logs from it here.
Upload the logs here: Available only to registered users
Here are the rules of the security section: bezpieczenstwo/nowy-regulamin-dzialu-bezpiecze-stwo-t1887.html
Regards, Joanna
A format is not a solution, just a surrender.
- XMan
- Posts: 13385
- Registered: 30 Nov 2008, 00:40
Suspected keylogger
As above.
Malwarebytes Anti-Malware
Do not install the PRO version, only the Freeware one.
Full scan.
Using the Malwarebytes' Anti-Malware program
After the scan, post the logs from it.
If you want to scan the computer with this program, uninstall Spybot before installing it.
-
- Posts: 19
- Registered: 10 Apr 2012, 21:16
Suspected keylogger
Available only to registered users
Do these logs tell you anything?
What kind of junk do I have on my computer?
Last edited 13 Apr 2012, 16:49 by XMan, edited 1 time in total.
Reason: I moved the logs to an external server, corrected the spelling, added Polish diacritics.
- kominekl
- Posts: 5855
- Registered: 27 Nov 2011, 14:25
Suspected keylogger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"FaceSmooch Toolbar" = FaceSmooch Toolbar
"McAfee Security Scan" = McAfee Security Scan Plus
"TVUPlayer" = TVUPlayer 2.4.7.2
"vShare.tv plugin" = vShare.tv plugin 1.3
"Yahoo! Companion" = Yahoo! Companion
Spybot - Search & Destroy is an old relic. FaceSmooch Toolbar is an unnecessary toolbar. McAfee Security Scan Plus is unneeded bloat. TVUPlayer and vShare.tv plugin are nasty plugins. As for Yahoo, uninstall it if you don't use it.
Do these logs tell you anything? What kind of junk do I have on my computer?
They do tell us something, but the Extras.txt log alone is not enough. We also need the OTL.txt log. Generate the logs again and post both after uninstalling the programs listed above.
When computers become your only life, the only totem warding off the curse of boredom, then sooner or later the boundary between these two dimensions will vanish and figures from the Blue Void will start appearing in the Real. Sometimes they are your friends. And sometimes not.
-
- Posts: 19
- Registered: 10 Apr 2012, 21:16
Suspected keylogger
OTL logfile created on: 2012-04-14 16:26:33 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Aneta\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
894,42 Mb Total Physical Memory | 538,53 Mb Available Physical Memory | 60,21% Memory free
2,30 Gb Paging File | 1,94 Gb Available in Paging File | 84,02% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 0,48 Gb Free Space | 1,63% Space Free | Partition Type: NTFS
Drive D: | 119,75 Gb Total Space | 106,91 Gb Free Space | 89,28% Space Free | Partition Type: NTFS
Computer Name: PECET | User Name: Aneta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012-04-14 16:25:59 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aneta\Moje dokumenty\Pobieranie\OTL(1).exe
PRC - [2009-07-21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-05-16 11:41:52 | 000,689,152 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIMain.exe
PRC - [2009-05-16 11:39:44 | 000,559,104 | ---- | M] () -- C:\Program Files\PLAY ONLINE\CMUpdater.exe
PRC - [2009-05-16 11:36:04 | 000,241,664 | ---- | M] () -- C:\Program Files\PLAY ONLINE\AssistantServices.exe
PRC - [2009-05-16 11:35:02 | 000,132,608 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIExec.exe
PRC - [2009-05-13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009-02-09 09:31:56 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2009-01-26 15:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008-11-26 10:25:36 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008-03-20 12:04:46 | 002,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2007-06-13 15:23:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-09-29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
========== Modules (No Company Name) ==========
MOD - [2009-05-16 11:42:00 | 000,174,080 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BKService.dll
MOD - [2009-05-16 11:41:52 | 000,689,152 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIMain.exe
MOD - [2009-05-16 11:41:52 | 000,164,352 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\CMCOMService.dll
MOD - [2009-05-16 11:41:42 | 000,084,480 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\SysService.dll
MOD - [2009-05-16 11:41:36 | 000,213,504 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIDataBase.dll
MOD - [2009-05-16 11:41:36 | 000,198,656 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BISetting.dll
MOD - [2009-05-16 11:41:28 | 000,083,456 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIConnectRecord.dll
MOD - [2009-05-16 11:41:26 | 000,083,456 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BICallRecord.dll
MOD - [2009-05-16 11:41:22 | 000,152,064 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BICodec.dll
MOD - [2009-05-16 11:41:22 | 000,131,584 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIDevManager.dll
MOD - [2009-05-16 11:41:16 | 000,155,136 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BISms.dll
MOD - [2009-05-16 11:41:16 | 000,141,312 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIRas.dll
MOD - [2009-05-16 11:41:08 | 000,092,160 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIStk.dll
MOD - [2009-05-16 11:41:06 | 000,089,600 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIUssd.dll
MOD - [2009-05-16 11:41:02 | 000,179,712 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIConfig.dll
MOD - [2009-05-16 11:41:00 | 000,159,744 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIXml.dll
MOD - [2009-05-16 11:40:54 | 000,468,480 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UIPhoneBook.dll
MOD - [2009-05-16 11:40:54 | 000,161,280 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIPhoneBook.dll
MOD - [2009-05-16 11:40:44 | 000,704,512 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UISetting.dll
MOD - [2009-05-16 11:40:40 | 000,487,936 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UISms.dll
MOD - [2009-05-16 11:40:04 | 000,385,024 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UIConnectRecord.dll
MOD - [2009-05-16 11:39:56 | 000,254,976 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UIUssd.dll
MOD - [2009-05-16 11:39:52 | 000,236,544 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UIStk.dll
MOD - [2009-05-16 11:39:48 | 000,126,464 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIOptimizationClient.dll
MOD - [2009-05-16 11:39:44 | 000,559,104 | ---- | M] () -- C:\Program Files\PLAY ONLINE\CMUpdater.exe
MOD - [2009-05-16 11:39:40 | 000,090,624 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIVoice.dll
MOD - [2009-05-16 11:39:28 | 000,153,088 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIService.dll
MOD - [2009-05-16 11:38:32 | 000,232,448 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UICommonDlg.dll
MOD - [2009-05-16 11:36:24 | 000,338,944 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UISkin.dll
MOD - [2009-05-16 11:36:04 | 000,241,664 | ---- | M] () -- C:\Program Files\PLAY ONLINE\AssistantServices.exe
MOD - [2009-05-16 11:35:02 | 000,132,608 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIExec.exe
MOD - [2009-05-16 11:34:34 | 000,118,784 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BILog.dll
MOD - [2009-05-07 17:50:44 | 000,611,840 | ---- | M] () -- C:\Program Files\PLAY ONLINE\TMobileAgent.dll
MOD - [2009-02-27 20:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL
MOD - [2009-01-28 16:03:49 | 000,326,401 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009-01-09 17:10:52 | 000,139,264 | ---- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008-05-16 14:01:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008-03-25 06:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2008-03-20 11:17:48 | 000,106,496 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libiax2.dll
MOD - [2008-03-20 11:17:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libjb.dll
MOD - [2007-10-25 13:51:16 | 000,198,656 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libcurl.dll
MOD - [2004-09-06 20:19:20 | 001,884,160 | ---- | M] () -- C:\Program Files\SubEdit-Player\codec\ffdshow\ffdshow.ax
MOD - [2004-08-10 00:14:54 | 000,163,840 | ---- | M] () -- C:\Program Files\SubEdit-Player\codec\ac3filter\ac3filter.ax
MOD - [2004-08-04 00:44:04 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2002-11-26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll
========== Win32 Services (SafeList) ==========
SRV - [2012-04-08 09:23:03 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2009-07-21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-05-16 11:36:04 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files\PLAY ONLINE\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009-05-13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2005-08-02 23:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2004-09-29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20080911.001\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2009-12-09 19:02:30 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-10-11 21:44:53 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2009-05-11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-05-07 17:47:14 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009-05-07 17:47:14 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009-05-07 17:47:14 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009-05-07 17:47:14 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009-03-30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-09-02 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008-07-05 17:03:12 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007-05-10 11:28:00 | 004,419,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-03-14 03:57:50 | 001,972,736 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007-01-04 13:48:04 | 000,104,344 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e4usbaw.sys -- (e4usbaw)
DRV - [2007-01-04 13:47:48 | 000,069,656 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\e4ldr.sys -- (E4LOADER) General Purpose USB Driver (e4ldr.sys)
DRV - [2006-12-14 10:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006-06-18 23:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-09-26 16:02:50 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WPN111.sys -- (WPN111)
DRV - [2005-08-02 23:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2004-08-03 22:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2003-07-24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\FaceSmooch Toolbar\tbhelper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKCU\..\SearchScopes\{74FFB6B6-BAED-4528-AD49-D699BA94C408}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
IE - HKCU\..\SearchScopes\{EAD00B75-7ABB-4C98-8990-1F4C53488B18}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{60552EF9-0487-4B30-91A3-1883E290A1FD}?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 7
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.7
FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-03-31 15:26:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-02-04 20:00:37 | 000,000,000 | ---D | M]
[2008-09-13 15:11:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Extensions
[2012-02-05 19:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Firefox\Profiles\x196qz15.default\extensions
[2011-01-13 01:39:18 | 000,000,000 | ---D | M] (FaceSmooch Toolbar) -- C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Firefox\Profiles\x196qz15.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011-01-13 01:39:27 | 000,002,380 | ---- | M] () -- C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Firefox\Profiles\x196qz15.default\searchplugins\search.xml
[2011-07-11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Firefox\Profiles\x196qz15.default\searchplugins\startsear.xml
[2012-02-04 20:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-10 21:37:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012-03-31 15:26:07 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-06-09 13:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012-01-29 16:18:04 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-01-29 16:18:04 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-01-29 16:18:04 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-01-29 16:18:04 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-01-29 16:18:04 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-01-29 16:18:04 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2001-10-26 16:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll File not found
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\FaceSmooch Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (FaceSmooch Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\FaceSmooch Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FaceSmooch Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\FaceSmooch Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UIExec] C:\Program Files\PLAY ONLINE\UIExec.exe ()
O4 - HKCU..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray File not found
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Aneta\Menu Start\Programy\Autostart\Spis treści programu OneNote.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Dostępne tylko dla zarejestrowanych użytkowników (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Dostępne tylko dla zarejestrowanych użytkowników (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Dostępne tylko dla zarejestrowanych użytkowników (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{397AD4CF-7BB1-4308-B545-404E84E3651F}: NameServer = 89.108.195.20 217.17.34.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Aneta\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Aneta\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-07-05 15:35:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012-04-10 22:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aneta\Dane aplikacji\Malwarebytes
[2012-04-10 22:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2012-04-10 19:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dane aplikacji\McAfee
[2012-04-09 18:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012-04-09 18:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
[2012-04-08 15:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\ProgDVB
[2012-04-08 15:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aneta\Dane aplikacji\HTML Executable
[2012-04-08 09:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\McAfee
[2012-04-08 09:23:03 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-04-08 09:23:03 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-03-24 16:28:18 | 000,105,344 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2012-03-24 16:28:18 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2012-03-24 16:28:18 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2012-03-24 16:28:18 | 000,009,728 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys
[2012-03-24 16:28:13 | 000,022,528 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\drivers\BMLoad.sys
[2012-03-24 16:28:13 | 000,018,816 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\drivers\tcpipBM.sys
[2012-03-24 16:28:13 | 000,008,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sporder.dll
[2012-03-24 16:28:12 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bmutil.dll
[2012-03-24 16:28:12 | 000,471,040 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\bmnet.dll
[2012-03-24 16:28:12 | 000,294,912 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\bminstall.dll
[2012-03-24 16:28:12 | 000,126,976 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\bmdumpd.bin
[2012-03-24 16:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\PLAY ONLINE
[2012-03-23 11:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aneta\Dane aplikacji\e-pity
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012-04-14 16:04:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-04-13 21:39:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-04-12 22:58:12 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-04-12 22:23:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-04-10 19:15:10 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2012-04-08 09:23:03 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-04-08 09:23:03 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-03-24 16:30:48 | 000,451,696 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012-03-24 16:30:48 | 000,395,336 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-03-24 16:30:48 | 000,075,706 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012-03-24 16:30:48 | 000,059,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-03-24 16:29:27 | 000,001,004 | ---- | M] () -- C:\NetworkCfg.xml
[2012-03-24 16:28:15 | 000,001,581 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\PLAY ONLINE.lnk
[2012-03-23 11:08:42 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Aneta\Pulpit\e-pity2011.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012-04-13 20:03:02 | 000,001,004 | ---- | C] () -- C:\NetworkCfg.xml
[2012-04-08 09:23:04 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-03-24 16:28:06 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\PLAY ONLINE.lnk
[2012-03-23 11:08:42 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Aneta\Pulpit\e-pity2011.lnk
[2011-06-28 17:29:29 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2011-06-28 17:29:29 | 000,143,676 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-10-23 13:58:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-05-21 21:17:55 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010-05-09 13:06:19 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010-05-09 13:05:05 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2010-05-09 12:52:46 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
========== LOP Check ==========
[2008-07-05 17:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
[2011-03-10 20:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\e-file
[2008-09-13 15:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-03-26 16:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2012-01-03 18:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2011-06-12 11:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-05-09 12:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft
[2009-07-27 19:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Wru
[2010-10-21 18:44:12 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\.#
[2009-02-05 23:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\ACD Systems
[2012-03-23 11:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\e-pity
[2008-07-07 23:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Gadu-Gadu
[2012-03-24 22:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Gadu-Gadu 10
[2012-04-08 15:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\HTML Executable
[2012-04-14 16:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\ipla
[2009-10-06 18:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\iPlus
[2009-08-29 19:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Nowe Gadu-Gadu
[2011-01-13 01:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\OpenCandy
[2010-02-28 23:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\OpenFM
[2009-10-06 18:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Program Files
[2011-01-13 01:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Toolbar4
========== Purity Check ==========
< End of report >
These are the logs after uninstalling the programs above; the only thing I don't know is how to uninstall the FaceSmooch Toolbar.
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Aneta\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
894,42 Mb Total Physical Memory | 538,53 Mb Available Physical Memory | 60,21% Memory free
2,30 Gb Paging File | 1,94 Gb Available in Paging File | 84,02% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 0,48 Gb Free Space | 1,63% Space Free | Partition Type: NTFS
Drive D: | 119,75 Gb Total Space | 106,91 Gb Free Space | 89,28% Space Free | Partition Type: NTFS
Computer Name: PECET | User Name: Aneta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012-04-14 16:25:59 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aneta\Moje dokumenty\Pobieranie\OTL(1).exe
PRC - [2009-07-21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-05-16 11:41:52 | 000,689,152 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIMain.exe
PRC - [2009-05-16 11:39:44 | 000,559,104 | ---- | M] () -- C:\Program Files\PLAY ONLINE\CMUpdater.exe
PRC - [2009-05-16 11:36:04 | 000,241,664 | ---- | M] () -- C:\Program Files\PLAY ONLINE\AssistantServices.exe
PRC - [2009-05-16 11:35:02 | 000,132,608 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIExec.exe
PRC - [2009-05-13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009-02-09 09:31:56 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2009-01-26 15:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008-11-26 10:25:36 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008-03-20 12:04:46 | 002,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2007-06-13 15:23:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-09-29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
========== Modules (No Company Name) ==========
MOD - [2009-05-16 11:42:00 | 000,174,080 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BKService.dll
MOD - [2009-05-16 11:41:52 | 000,689,152 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIMain.exe
MOD - [2009-05-16 11:41:52 | 000,164,352 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\CMCOMService.dll
MOD - [2009-05-16 11:41:42 | 000,084,480 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\SysService.dll
MOD - [2009-05-16 11:41:36 | 000,213,504 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIDataBase.dll
MOD - [2009-05-16 11:41:36 | 000,198,656 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BISetting.dll
MOD - [2009-05-16 11:41:28 | 000,083,456 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIConnectRecord.dll
MOD - [2009-05-16 11:41:26 | 000,083,456 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BICallRecord.dll
MOD - [2009-05-16 11:41:22 | 000,152,064 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BICodec.dll
MOD - [2009-05-16 11:41:22 | 000,131,584 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIDevManager.dll
MOD - [2009-05-16 11:41:16 | 000,155,136 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BISms.dll
MOD - [2009-05-16 11:41:16 | 000,141,312 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIRas.dll
MOD - [2009-05-16 11:41:08 | 000,092,160 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIStk.dll
MOD - [2009-05-16 11:41:06 | 000,089,600 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIUssd.dll
MOD - [2009-05-16 11:41:02 | 000,179,712 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIConfig.dll
MOD - [2009-05-16 11:41:00 | 000,159,744 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIXml.dll
MOD - [2009-05-16 11:40:54 | 000,468,480 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UIPhoneBook.dll
MOD - [2009-05-16 11:40:54 | 000,161,280 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIPhoneBook.dll
MOD - [2009-05-16 11:40:44 | 000,704,512 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UISetting.dll
MOD - [2009-05-16 11:40:40 | 000,487,936 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UISms.dll
MOD - [2009-05-16 11:40:04 | 000,385,024 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UIConnectRecord.dll
MOD - [2009-05-16 11:39:56 | 000,254,976 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UIUssd.dll
MOD - [2009-05-16 11:39:52 | 000,236,544 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UIStk.dll
MOD - [2009-05-16 11:39:48 | 000,126,464 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIOptimizationClient.dll
MOD - [2009-05-16 11:39:44 | 000,559,104 | ---- | M] () -- C:\Program Files\PLAY ONLINE\CMUpdater.exe
MOD - [2009-05-16 11:39:40 | 000,090,624 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIVoice.dll
MOD - [2009-05-16 11:39:28 | 000,153,088 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIService.dll
MOD - [2009-05-16 11:38:32 | 000,232,448 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UICommonDlg.dll
MOD - [2009-05-16 11:36:24 | 000,338,944 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UISkin.dll
MOD - [2009-05-16 11:36:04 | 000,241,664 | ---- | M] () -- C:\Program Files\PLAY ONLINE\AssistantServices.exe
MOD - [2009-05-16 11:35:02 | 000,132,608 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIExec.exe
MOD - [2009-05-16 11:34:34 | 000,118,784 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BILog.dll
MOD - [2009-05-07 17:50:44 | 000,611,840 | ---- | M] () -- C:\Program Files\PLAY ONLINE\TMobileAgent.dll
MOD - [2009-02-27 20:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL
MOD - [2009-01-28 16:03:49 | 000,326,401 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009-01-09 17:10:52 | 000,139,264 | ---- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008-05-16 14:01:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008-03-25 06:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2008-03-20 11:17:48 | 000,106,496 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libiax2.dll
MOD - [2008-03-20 11:17:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libjb.dll
MOD - [2007-10-25 13:51:16 | 000,198,656 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libcurl.dll
MOD - [2004-09-06 20:19:20 | 001,884,160 | ---- | M] () -- C:\Program Files\SubEdit-Player\codec\ffdshow\ffdshow.ax
MOD - [2004-08-10 00:14:54 | 000,163,840 | ---- | M] () -- C:\Program Files\SubEdit-Player\codec\ac3filter\ac3filter.ax
MOD - [2004-08-04 00:44:04 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2002-11-26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll
========== Win32 Services (SafeList) ==========
SRV - [2012-04-08 09:23:03 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2009-07-21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-05-16 11:36:04 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files\PLAY ONLINE\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009-05-13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2005-08-02 23:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2004-09-29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20080911.001\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2009-12-09 19:02:30 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-10-11 21:44:53 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2009-05-11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-05-07 17:47:14 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009-05-07 17:47:14 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009-05-07 17:47:14 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009-05-07 17:47:14 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009-03-30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-09-02 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008-07-05 17:03:12 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007-05-10 11:28:00 | 004,419,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-03-14 03:57:50 | 001,972,736 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007-01-04 13:48:04 | 000,104,344 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e4usbaw.sys -- (e4usbaw)
DRV - [2007-01-04 13:47:48 | 000,069,656 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\e4ldr.sys -- (E4LOADER) General Purpose USB Driver (e4ldr.sys)
DRV - [2006-12-14 10:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006-06-18 23:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-09-26 16:02:50 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WPN111.sys -- (WPN111)
DRV - [2005-08-02 23:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2004-08-03 22:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2003-07-24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\FaceSmooch Toolbar\tbhelper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKCU\..\SearchScopes\{74FFB6B6-BAED-4528-AD49-D699BA94C408}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
IE - HKCU\..\SearchScopes\{EAD00B75-7ABB-4C98-8990-1F4C53488B18}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{60552EF9-0487-4B30-91A3-1883E290A1FD}?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 7
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.7
FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-03-31 15:26:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-02-04 20:00:37 | 000,000,000 | ---D | M]
[2008-09-13 15:11:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Extensions
[2012-02-05 19:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Firefox\Profiles\x196qz15.default\extensions
[2011-01-13 01:39:18 | 000,000,000 | ---D | M] (FaceSmooch Toolbar) -- C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Firefox\Profiles\x196qz15.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011-01-13 01:39:27 | 000,002,380 | ---- | M] () -- C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Firefox\Profiles\x196qz15.default\searchplugins\search.xml
[2011-07-11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Firefox\Profiles\x196qz15.default\searchplugins\startsear.xml
[2012-02-04 20:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-10 21:37:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012-03-31 15:26:07 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-06-09 13:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012-01-29 16:18:04 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-01-29 16:18:04 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-01-29 16:18:04 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-01-29 16:18:04 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-01-29 16:18:04 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-01-29 16:18:04 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2001-10-26 16:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll File not found
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\FaceSmooch Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (FaceSmooch Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\FaceSmooch Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FaceSmooch Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\FaceSmooch Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UIExec] C:\Program Files\PLAY ONLINE\UIExec.exe ()
O4 - HKCU..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray File not found
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Aneta\Menu Start\Programy\Autostart\Spis treści programu OneNote.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Dostępne tylko dla zarejestrowanych użytkowników (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Dostępne tylko dla zarejestrowanych użytkowników (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Dostępne tylko dla zarejestrowanych użytkowników (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{397AD4CF-7BB1-4308-B545-404E84E3651F}: NameServer = 89.108.195.20 217.17.34.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Aneta\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Aneta\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-07-05 15:35:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012-04-10 22:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aneta\Dane aplikacji\Malwarebytes
[2012-04-10 22:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2012-04-10 19:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dane aplikacji\McAfee
[2012-04-09 18:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012-04-09 18:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
[2012-04-08 15:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\ProgDVB
[2012-04-08 15:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aneta\Dane aplikacji\HTML Executable
[2012-04-08 09:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\McAfee
[2012-04-08 09:23:03 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-04-08 09:23:03 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-03-24 16:28:18 | 000,105,344 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2012-03-24 16:28:18 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2012-03-24 16:28:18 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2012-03-24 16:28:18 | 000,009,728 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys
[2012-03-24 16:28:13 | 000,022,528 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\drivers\BMLoad.sys
[2012-03-24 16:28:13 | 000,018,816 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\drivers\tcpipBM.sys
[2012-03-24 16:28:13 | 000,008,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sporder.dll
[2012-03-24 16:28:12 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bmutil.dll
[2012-03-24 16:28:12 | 000,471,040 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\bmnet.dll
[2012-03-24 16:28:12 | 000,294,912 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\bminstall.dll
[2012-03-24 16:28:12 | 000,126,976 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\bmdumpd.bin
[2012-03-24 16:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\PLAY ONLINE
[2012-03-23 11:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aneta\Dane aplikacji\e-pity
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012-04-14 16:04:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-04-13 21:39:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-04-12 22:58:12 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-04-12 22:23:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-04-10 19:15:10 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2012-04-08 09:23:03 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-04-08 09:23:03 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-03-24 16:30:48 | 000,451,696 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012-03-24 16:30:48 | 000,395,336 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-03-24 16:30:48 | 000,075,706 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012-03-24 16:30:48 | 000,059,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-03-24 16:29:27 | 000,001,004 | ---- | M] () -- C:\NetworkCfg.xml
[2012-03-24 16:28:15 | 000,001,581 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\PLAY ONLINE.lnk
[2012-03-23 11:08:42 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Aneta\Pulpit\e-pity2011.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012-04-13 20:03:02 | 000,001,004 | ---- | C] () -- C:\NetworkCfg.xml
[2012-04-08 09:23:04 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-03-24 16:28:06 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\PLAY ONLINE.lnk
[2012-03-23 11:08:42 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Aneta\Pulpit\e-pity2011.lnk
[2011-06-28 17:29:29 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2011-06-28 17:29:29 | 000,143,676 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-10-23 13:58:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-05-21 21:17:55 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010-05-09 13:06:19 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010-05-09 13:05:05 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2010-05-09 12:52:46 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
========== LOP Check ==========
[2008-07-05 17:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
[2011-03-10 20:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\e-file
[2008-09-13 15:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-03-26 16:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2012-01-03 18:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2011-06-12 11:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-05-09 12:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft
[2009-07-27 19:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Wru
[2010-10-21 18:44:12 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\.#
[2009-02-05 23:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\ACD Systems
[2012-03-23 11:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\e-pity
[2008-07-07 23:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Gadu-Gadu
[2012-03-24 22:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Gadu-Gadu 10
[2012-04-08 15:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\HTML Executable
[2012-04-14 16:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\ipla
[2009-10-06 18:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\iPlus
[2009-08-29 19:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Nowe Gadu-Gadu
[2011-01-13 01:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\OpenCandy
[2010-02-28 23:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\OpenFM
[2009-10-06 18:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Program Files
[2011-01-13 01:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Toolbar4
========== Purity Check ==========
< End of report >
These are the logs after uninstalling the programs above; I just don't know how to uninstall the FaceSmooch Toolbar.
- kominekl
- Posts: 5855
- Registered: 27 Nov 2011, 14:25
- Contact:
Suspected keylogger
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Aneta\Menu Start\Programy\Autostart\Spis treści programu OneNote.onetoc2 ()
These are unnecessary files in autostart. Go to START -> RUN -> Msconfig -> Services -> uncheck the service -> NVIDIA Display Driver Service. I'll remove the rest with a script.
Software.
You didn't uninstall everything. You didn't uninstall SpyBot... I expect you to fix this and explain. Uninstall everything I told you to earlier using Revo Uninstaller in advanced mode -> http://www.hotfix.pl/infusions/pro_down ... ile_id=160.
Logs.
Run OTL -> in the "Własne opcje skanowania/skrypt" (Custom Scans/Fixes) box paste:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20080911.001\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\FaceSmooch Toolbar\tbhelper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKCU\..\SearchScopes\{74FFB6B6-BAED-4528-AD49-D699BA94C408}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
IE - HKCU\..\SearchScopes\{EAD00B75-7ABB-4C98-8990-1F4C53488B18}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{60552EF9-0487-4B30-91A3-1883E290A1FD}?q={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 7
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&q="
[2011-01-13 01:39:18 | 000,000,000 | ---D | M] (FaceSmooch Toolbar) -- C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Firefox\Profiles\x196qz15.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011-01-13 01:39:27 | 000,002,380 | ---- | M] () -- C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Firefox\Profiles\x196qz15.default\searchplugins\search.xml
[2011-07-11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Firefox\Profiles\x196qz15.default\searchplugins\startsear.xml
[2011-06-09 13:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKCU..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray File not found
:Files
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
C:\Documents and Settings\Aneta\Menu Start\Programy\Autostart\Spis treści programu OneNote.onetoc2
C:\Documents and Settings\LocalService\Dane aplikacji\McAfee
C:\Program Files\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Dane aplikacji\McAfee
C:\WINDOWS\tasks\*.job
C:\Documents and Settings\Aneta\Dane aplikacji\.#
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ControlCenter3"=-
"NvCplDaemon"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IPLA!"=-
"NBJ"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
:Commands
[clearallrestorepoints]
[emptytemp]
Click Wykonaj skrypt (Run Fix). Post the log from the removal. Then post new OTL logs.
When computers become your only life, your only totem warding off the curse of boredom, then sooner or later the boundary between these two dimensions will vanish and figures from the Blue Void will start appearing in the Real. Sometimes they are your friends. And sometimes not.
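How the O4 autostart lines quoted in the post above can be sorted for review, as an added example that is not part of the original thread and not OTL's own code. The sample lines are constructed from entries shown in this thread, and the status labels (`vendor`, `no-company`, `orphan`, `unparsed`) are this example's own convention.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: O4 (autostart) lines in the layout OTL prints,
# modelled on entries quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\PLAY ONLINE\UIExec.exe ()
O4 - HKCU..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Aneta\Menu Start\Programy\Autostart\Spis treści programu OneNote.onetoc2 ()
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<rest>.+)$")
# Trailing "(Company)" field; lazy target so parentheses inside a path survive.
COMPANY_RE = re.compile(r"^(?P<target>.*?)\s*\((?P<company>[^()]*)\)$")
MISSING = "File not found"


@dataclass
class AutostartEntry:
    location: str  # "HKLM\Run", "HKCU\Run" or "Startup folder"
    name: str      # Run value name, or the path of the Startup item
    target: str    # command line or file the entry launches
    company: str   # company field as printed in the log ("" if empty)
    status: str    # "vendor", "no-company", "orphan" or "unparsed"


def _split_rest(rest):
    """Split the tail of an O4 line into (target, company, status)."""
    rest = rest.strip()
    if rest.endswith(MISSING):
        # The entry points at a file that no longer exists: a leftover.
        return rest[: -len(MISSING)].rstrip(), "", "orphan"
    m = COMPANY_RE.match(rest)
    if not m:
        return rest, "", "unparsed"
    company = m.group("company").strip()
    # An empty company field is a cue for manual review, not a verdict.
    return m.group("target"), company, "vendor" if company else "no-company"


def parse_o4(log_text):
    """Return an AutostartEntry for every O4 Run/Startup line in the log."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        run = RUN_RE.match(line)
        startup = STARTUP_RE.match(line)
        if run:
            target, company, status = _split_rest(run.group("rest"))
            entries.append(AutostartEntry(run.group("hive") + r"\Run",
                                          run.group("name"), target, company, status))
        elif startup:
            target, company, status = _split_rest(startup.group("rest"))
            # Shortcuts are printed as "<shortcut> = <resolved target>".
            name, sep, resolved = target.partition(" = ")
            entries.append(AutostartEntry("Startup folder", name,
                                          resolved if sep else name, company, status))
    return entries


def triage(entries):
    """Group entry names by status so orphans and unnamed vendors stand out."""
    buckets = defaultdict(list)
    for entry in entries:
        buckets[entry.status].append(entry.name)
    return dict(buckets)


if __name__ == "__main__":
    for status, names in triage(parse_o4(SAMPLE_LOG)).items():
        print(f"{status}:")
        for name in names:
            print(f"  {name}")
```
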
-
- Posts: 19
- Registered: 10 Apr 2012, 21:16
Suspected keylogger
I uninstalled Spybot, I still have the spyware left; when I go to Start and then Run, it shows me "type the name of a program or Internet folder and it will be opened" or something like that... I don't know, maybe I'm doing something wrong, sorry, but I'm a layperson in this field...

- kominekl
- Posts: 5855
- Registered: 27 Nov 2011, 14:25
- Contact:
Suspected keylogger
I uninstalled Spybot, I still have the spyware left; when I go to Start and then Run, it shows me "type the name of a program or Internet folder and it will be opened" or something like that... I don't know, maybe I'm doing something wrong, sorry, but I'm a layperson in this field...
If you used Revo for that, then OK. If not, too bad. I'll manage without it. Uninstall the rest using Revo and move on to the next instructions.
-
- Posts: 19
- Registered: 10 Apr 2012, 21:16
Suspected keylogger
All processes killed
========== OTL ==========
Error: No service named SYMIDSCO was found to stop!
Service\Driver key SYMIDSCO not found.
File C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20080911.001\symidsco.sys not found.
Error: No service named hwdatacard was found to stop!
Service\Driver key hwdatacard not found.
File system32\DRIVERS\ewusbmdm.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{CA3EB689-8F09-4026-AA10-B9534C691CE0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ not found.
File C:\Program Files\FaceSmooch Toolbar\tbhelper.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{74FFB6B6-BAED-4528-AD49-D699BA94C408}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74FFB6B6-BAED-4528-AD49-D699BA94C408}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EAD00B75-7ABB-4C98-8990-1F4C53488B18}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EAD00B75-7ABB-4C98-8990-1F4C53488B18}\ not found.
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: firefox@tvunetworks.com:2 removed from extensions.enabledItems
Prefs.js: 4 removed from extensions.enabledItems
Prefs.js: 7 removed from extensions.enabledItems
Prefs.js: 2 removed from extensions.enabledItems
Prefs.js: "http://startsear.ch/?aff=1&q=" removed from keyword.URL
Folder C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Firefox\Profiles\x196qz15.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\ not found.
File C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Firefox\Profiles\x196qz15.default\searchplugins\search.xml not found.
File C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Firefox\Profiles\x196qz15.default\searchplugins\startsear.xml not found.
File C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitComet not found.
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk not found.
File\Folder C:\Documents and Settings\Aneta\Menu Start\Programy\Autostart\Spis treści programu OneNote.onetoc2 not found.
File\Folder C:\Documents and Settings\LocalService\Dane aplikacji\McAfee not found.
File\Folder C:\Program Files\Spybot - Search & Destroy not found.
File\Folder C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy not found.
File\Folder C:\Documents and Settings\All Users\Dane aplikacji\McAfee not found.
File\Folder C:\WINDOWS\tasks\*.job not found.
File\Folder C:\Documents and Settings\Aneta\Dane aplikacji\.# not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ControlCenter3 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IPLA! not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NBJ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ deleted successfully.
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!
[EMPTYTEMP]
User: All Users
User: Aneta
->Temp folder emptied: 398332 bytes
->Temporary Internet Files folder emptied: 33207 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19721951 bytes
->Flash cache emptied: 456 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 19,00 mb
OTL by OldTimer - Version 3.2.39.2 log created on 04142012_202258
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
-- 14 Apr 2012, 19:40 --
OTL logfile created on: 2012-04-14 20:31:39 - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Aneta\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
894,42 Mb Total Physical Memory | 333,56 Mb Available Physical Memory | 37,29% Memory free
2,30 Gb Paging File | 1,79 Gb Available in Paging File | 77,82% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 1,92 Gb Free Space | 6,54% Space Free | Partition Type: NTFS
Drive D: | 119,75 Gb Total Space | 106,91 Gb Free Space | 89,28% Space Free | Partition Type: NTFS
Computer Name: PECET | User Name: Aneta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012-04-14 20:31:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aneta\Moje dokumenty\Pobieranie\OTL(3).exe
PRC - [2012-03-31 15:26:06 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-03-27 05:30:32 | 000,482,992 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\st_rsser.exe
PRC - [2012-03-27 05:30:28 | 003,669,680 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2012-03-27 05:30:18 | 002,786,480 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2009-07-21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-05-16 11:41:52 | 000,689,152 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIMain.exe
PRC - [2009-05-16 11:39:44 | 000,559,104 | ---- | M] () -- C:\Program Files\PLAY ONLINE\CMUpdater.exe
PRC - [2009-05-16 11:36:04 | 000,241,664 | ---- | M] () -- C:\Program Files\PLAY ONLINE\AssistantServices.exe
PRC - [2009-05-16 11:35:02 | 000,132,608 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIExec.exe
PRC - [2009-05-13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009-02-09 09:31:56 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2008-11-26 10:25:36 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008-03-20 12:04:46 | 002,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2007-06-13 15:23:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-09-29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
========== Modules (No Company Name) ==========
MOD - [2012-04-14 16:40:03 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012-03-31 15:26:05 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009-05-16 11:42:00 | 000,174,080 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BKService.dll
MOD - [2009-05-16 11:41:52 | 000,689,152 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIMain.exe
MOD - [2009-05-16 11:41:52 | 000,164,352 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\CMCOMService.dll
MOD - [2009-05-16 11:41:42 | 000,084,480 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\SysService.dll
MOD - [2009-05-16 11:41:36 | 000,213,504 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIDataBase.dll
MOD - [2009-05-16 11:41:36 | 000,198,656 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BISetting.dll
MOD - [2009-05-16 11:41:28 | 000,083,456 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIConnectRecord.dll
MOD - [2009-05-16 11:41:26 | 000,083,456 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BICallRecord.dll
MOD - [2009-05-16 11:41:22 | 000,152,064 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BICodec.dll
MOD - [2009-05-16 11:41:22 | 000,131,584 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIDevManager.dll
MOD - [2009-05-16 11:41:16 | 000,155,136 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BISms.dll
MOD - [2009-05-16 11:41:16 | 000,141,312 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIRas.dll
MOD - [2009-05-16 11:41:08 | 000,092,160 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIStk.dll
MOD - [2009-05-16 11:41:06 | 000,089,600 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIUssd.dll
MOD - [2009-05-16 11:41:02 | 000,179,712 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIConfig.dll
MOD - [2009-05-16 11:41:00 | 000,159,744 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIXml.dll
MOD - [2009-05-16 11:40:54 | 000,468,480 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UIPhoneBook.dll
MOD - [2009-05-16 11:40:54 | 000,161,280 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIPhoneBook.dll
MOD - [2009-05-16 11:40:44 | 000,704,512 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UISetting.dll
MOD - [2009-05-16 11:40:40 | 000,487,936 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UISms.dll
MOD - [2009-05-16 11:40:04 | 000,385,024 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UIConnectRecord.dll
MOD - [2009-05-16 11:39:56 | 000,254,976 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UIUssd.dll
MOD - [2009-05-16 11:39:52 | 000,236,544 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UIStk.dll
MOD - [2009-05-16 11:39:48 | 000,126,464 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIOptimizationClient.dll
MOD - [2009-05-16 11:39:44 | 000,559,104 | ---- | M] () -- C:\Program Files\PLAY ONLINE\CMUpdater.exe
MOD - [2009-05-16 11:39:40 | 000,090,624 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIVoice.dll
MOD - [2009-05-16 11:39:28 | 000,153,088 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIService.dll
MOD - [2009-05-16 11:38:32 | 000,232,448 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UICommonDlg.dll
MOD - [2009-05-16 11:36:24 | 000,338,944 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UISkin.dll
MOD - [2009-05-16 11:36:04 | 000,241,664 | ---- | M] () -- C:\Program Files\PLAY ONLINE\AssistantServices.exe
MOD - [2009-05-16 11:35:02 | 000,132,608 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIExec.exe
MOD - [2009-05-16 11:34:34 | 000,118,784 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BILog.dll
MOD - [2009-05-07 17:50:44 | 000,611,840 | ---- | M] () -- C:\Program Files\PLAY ONLINE\TMobileAgent.dll
MOD - [2009-01-28 16:03:49 | 000,326,401 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009-01-09 17:10:52 | 000,139,264 | ---- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008-03-25 06:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2008-03-20 11:17:48 | 000,106,496 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libiax2.dll
MOD - [2008-03-20 11:17:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libjb.dll
MOD - [2007-10-25 13:51:16 | 000,198,656 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libcurl.dll
MOD - [2004-09-06 20:19:20 | 001,884,160 | ---- | M] () -- C:\Program Files\SubEdit-Player\codec\ffdshow\ffdshow.ax
MOD - [2004-08-10 00:14:54 | 000,163,840 | ---- | M] () -- C:\Program Files\SubEdit-Player\codec\ac3filter\ac3filter.ax
MOD - [2004-08-04 00:44:04 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2002-11-26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll
========== Win32 Services (SafeList) ==========
SRV - [2012-04-14 16:40:04 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-03-27 05:30:32 | 000,482,992 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2009-07-21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-05-16 11:36:04 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files\PLAY ONLINE\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009-05-13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2005-08-02 23:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2004-09-29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011-06-21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009-12-09 19:02:30 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-10-11 21:44:53 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2009-05-11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-05-07 17:47:14 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009-05-07 17:47:14 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009-05-07 17:47:14 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009-05-07 17:47:14 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009-03-30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-09-02 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008-07-05 17:03:12 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007-05-10 11:28:00 | 004,419,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-03-14 03:57:50 | 001,972,736 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007-01-04 13:48:04 | 000,104,344 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e4usbaw.sys -- (e4usbaw)
DRV - [2007-01-04 13:47:48 | 000,069,656 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\e4ldr.sys -- (E4LOADER) General Purpose USB Driver (e4ldr.sys)
DRV - [2006-12-14 10:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006-06-18 23:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-09-26 16:02:50 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WPN111.sys -- (WPN111)
DRV - [2005-08-02 23:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2004-08-03 22:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2003-07-24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&tbid=60747
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-03-31 15:26:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-02-04 20:00:37 | 000,000,000 | ---D | M]
[2008-09-13 15:11:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Extensions
[2012-02-05 19:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Firefox\Profiles\x196qz15.default\extensions
[2012-02-04 20:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-10 21:37:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012-03-31 15:26:07 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-01-29 16:18:04 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2007-07-26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2012-01-29 16:18:04 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-01-29 16:18:04 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-01-29 16:18:04 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-01-29 16:18:04 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-01-29 16:18:04 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2001-10-26 16:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [UIExec] C:\Program Files\PLAY ONLINE\UIExec.exe ()
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Available only to registered users (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Available only to registered users (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Available only to registered users (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{397AD4CF-7BB1-4308-B545-404E84E3651F}: NameServer = 89.108.195.21 217.17.34.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Aneta\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Aneta\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-07-05 15:35:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012-04-14 19:55:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-04-14 19:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012-04-14 19:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aneta\Menu Start\Programy\Revo Uninstaller
[2012-04-14 17:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aneta\Dane aplikacji\Spyware Terminator
[2012-04-14 17:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator
[2012-04-14 17:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Spyware Terminator 2012
[2012-04-14 17:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2012-04-10 22:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aneta\Dane aplikacji\Malwarebytes
[2012-04-10 22:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2012-04-08 15:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\ProgDVB
[2012-04-08 15:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aneta\Dane aplikacji\HTML Executable
[2012-04-08 09:23:03 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-04-08 09:23:03 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-03-24 16:28:18 | 000,105,344 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2012-03-24 16:28:18 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2012-03-24 16:28:18 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2012-03-24 16:28:18 | 000,009,728 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys
[2012-03-24 16:28:13 | 000,022,528 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\drivers\BMLoad.sys
[2012-03-24 16:28:13 | 000,018,816 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\drivers\tcpipBM.sys
[2012-03-24 16:28:13 | 000,008,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sporder.dll
[2012-03-24 16:28:12 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bmutil.dll
[2012-03-24 16:28:12 | 000,471,040 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\bmnet.dll
[2012-03-24 16:28:12 | 000,294,912 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\bminstall.dll
[2012-03-24 16:28:12 | 000,126,976 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\bmdumpd.bin
[2012-03-24 16:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\PLAY ONLINE
[2012-03-23 11:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aneta\Dane aplikacji\e-pity
========== Files - Modified Within 30 Days ==========
[2012-04-14 20:25:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-04-14 19:55:14 | 000,451,696 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012-04-14 19:55:14 | 000,395,336 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-04-14 19:55:14 | 000,075,706 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012-04-14 19:55:14 | 000,059,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-04-14 19:51:38 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Aneta\Pulpit\Revo Uninstaller.lnk
[2012-04-14 17:11:29 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Spyware Terminator 2012.lnk
[2012-04-14 16:40:04 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-04-14 16:40:03 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-04-12 22:58:12 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-04-12 22:23:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-04-10 19:15:10 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2012-03-24 16:29:27 | 000,001,004 | ---- | M] () -- C:\NetworkCfg.xml
[2012-03-24 16:28:15 | 000,001,581 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\PLAY ONLINE.lnk
[2012-03-23 11:08:42 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Aneta\Pulpit\e-pity2011.lnk
========== Files Created - No Company Name ==========
[2012-04-14 19:51:38 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Aneta\Pulpit\Revo Uninstaller.lnk
[2012-04-14 17:11:32 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2012-04-14 17:11:29 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Spyware Terminator 2012.lnk
[2012-04-13 20:03:02 | 000,001,004 | ---- | C] () -- C:\NetworkCfg.xml
[2012-03-24 16:28:06 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\PLAY ONLINE.lnk
[2012-03-23 11:08:42 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Aneta\Pulpit\e-pity2011.lnk
[2011-06-28 17:29:29 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2011-06-28 17:29:29 | 000,143,676 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-10-23 13:58:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-05-21 21:17:55 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010-05-09 13:06:19 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010-05-09 13:05:05 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2010-05-09 12:52:46 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
========== LOP Check ==========
[2008-07-05 17:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
[2011-03-10 20:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\e-file
[2008-09-13 15:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-03-26 16:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2012-01-03 18:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2011-06-12 11:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-05-09 12:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft
[2012-04-14 20:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator
[2009-07-27 19:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Wru
[2009-02-05 23:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\ACD Systems
[2012-03-23 11:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\e-pity
[2008-07-07 23:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Gadu-Gadu
[2012-03-24 22:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Gadu-Gadu 10
[2012-04-08 15:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\HTML Executable
[2012-04-14 16:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\ipla
[2009-10-06 18:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\iPlus
[2009-08-29 19:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Nowe Gadu-Gadu
[2011-01-13 01:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\OpenCandy
[2010-02-28 23:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\OpenFM
[2009-10-06 18:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Program Files
[2012-04-14 17:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Spyware Terminator
[2012-04-14 20:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Toolbar4
========== Purity Check ==========
< End of report >
========== OTL ==========
Error: No service named SYMIDSCO was found to stop!
Service\Driver key SYMIDSCO not found.
File C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20080911.001\symidsco.sys not found.
Error: No service named hwdatacard was found to stop!
Service\Driver key hwdatacard not found.
File system32\DRIVERS\ewusbmdm.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{CA3EB689-8F09-4026-AA10-B9534C691CE0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ not found.
File C:\Program Files\FaceSmooch Toolbar\tbhelper.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{74FFB6B6-BAED-4528-AD49-D699BA94C408}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74FFB6B6-BAED-4528-AD49-D699BA94C408}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EAD00B75-7ABB-4C98-8990-1F4C53488B18}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EAD00B75-7ABB-4C98-8990-1F4C53488B18}\ not found.
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: firefox@tvunetworks.com:2 removed from extensions.enabledItems
Prefs.js: 4 removed from extensions.enabledItems
Prefs.js: 7 removed from extensions.enabledItems
Prefs.js: 2 removed from extensions.enabledItems
Prefs.js: "http://startsear.ch/?aff=1&q=" removed from keyword.URL
Folder C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Firefox\Profiles\x196qz15.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\ not found.
File C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Firefox\Profiles\x196qz15.default\searchplugins\search.xml not found.
File C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Firefox\Profiles\x196qz15.default\searchplugins\startsear.xml not found.
File C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitComet not found.
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk not found.
File\Folder C:\Documents and Settings\Aneta\Menu Start\Programy\Autostart\Spis treści programu OneNote.onetoc2 not found.
File\Folder C:\Documents and Settings\LocalService\Dane aplikacji\McAfee not found.
File\Folder C:\Program Files\Spybot - Search & Destroy not found.
File\Folder C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy not found.
File\Folder C:\Documents and Settings\All Users\Dane aplikacji\McAfee not found.
File\Folder C:\WINDOWS\tasks\*.job not found.
File\Folder C:\Documents and Settings\Aneta\Dane aplikacji\.# not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ControlCenter3 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IPLA! not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NBJ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ deleted successfully.
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!
[EMPTYTEMP]
User: All Users
User: Aneta
->Temp folder emptied: 398332 bytes
->Temporary Internet Files folder emptied: 33207 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19721951 bytes
->Flash cache emptied: 456 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 19,00 mb
OTL by OldTimer - Version 3.2.39.2 log created on 04142012_202258
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
-- 14 Apr 2012, 19:40 --
OTL logfile created on: 2012-04-14 20:31:39 - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Aneta\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
894,42 Mb Total Physical Memory | 333,56 Mb Available Physical Memory | 37,29% Memory free
2,30 Gb Paging File | 1,79 Gb Available in Paging File | 77,82% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 1,92 Gb Free Space | 6,54% Space Free | Partition Type: NTFS
Drive D: | 119,75 Gb Total Space | 106,91 Gb Free Space | 89,28% Space Free | Partition Type: NTFS
Computer Name: PECET | User Name: Aneta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012-04-14 20:31:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aneta\Moje dokumenty\Pobieranie\OTL(3).exe
PRC - [2012-03-31 15:26:06 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-03-27 05:30:32 | 000,482,992 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\st_rsser.exe
PRC - [2012-03-27 05:30:28 | 003,669,680 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2012-03-27 05:30:18 | 002,786,480 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2009-07-21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-05-16 11:41:52 | 000,689,152 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIMain.exe
PRC - [2009-05-16 11:39:44 | 000,559,104 | ---- | M] () -- C:\Program Files\PLAY ONLINE\CMUpdater.exe
PRC - [2009-05-16 11:36:04 | 000,241,664 | ---- | M] () -- C:\Program Files\PLAY ONLINE\AssistantServices.exe
PRC - [2009-05-16 11:35:02 | 000,132,608 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIExec.exe
PRC - [2009-05-13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009-02-09 09:31:56 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2008-11-26 10:25:36 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008-03-20 12:04:46 | 002,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2007-06-13 15:23:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-09-29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
========== Modules (No Company Name) ==========
MOD - [2012-04-14 16:40:03 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012-03-31 15:26:05 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009-05-16 11:42:00 | 000,174,080 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BKService.dll
MOD - [2009-05-16 11:41:52 | 000,689,152 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIMain.exe
MOD - [2009-05-16 11:41:52 | 000,164,352 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\CMCOMService.dll
MOD - [2009-05-16 11:41:42 | 000,084,480 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\SysService.dll
MOD - [2009-05-16 11:41:36 | 000,213,504 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIDataBase.dll
MOD - [2009-05-16 11:41:36 | 000,198,656 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BISetting.dll
MOD - [2009-05-16 11:41:28 | 000,083,456 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIConnectRecord.dll
MOD - [2009-05-16 11:41:26 | 000,083,456 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BICallRecord.dll
MOD - [2009-05-16 11:41:22 | 000,152,064 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BICodec.dll
MOD - [2009-05-16 11:41:22 | 000,131,584 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIDevManager.dll
MOD - [2009-05-16 11:41:16 | 000,155,136 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BISms.dll
MOD - [2009-05-16 11:41:16 | 000,141,312 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIRas.dll
MOD - [2009-05-16 11:41:08 | 000,092,160 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIStk.dll
MOD - [2009-05-16 11:41:06 | 000,089,600 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIUssd.dll
MOD - [2009-05-16 11:41:02 | 000,179,712 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIConfig.dll
MOD - [2009-05-16 11:41:00 | 000,159,744 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIXml.dll
MOD - [2009-05-16 11:40:54 | 000,468,480 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UIPhoneBook.dll
MOD - [2009-05-16 11:40:54 | 000,161,280 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIPhoneBook.dll
MOD - [2009-05-16 11:40:44 | 000,704,512 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UISetting.dll
MOD - [2009-05-16 11:40:40 | 000,487,936 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UISms.dll
MOD - [2009-05-16 11:40:04 | 000,385,024 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UIConnectRecord.dll
MOD - [2009-05-16 11:39:56 | 000,254,976 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UIUssd.dll
MOD - [2009-05-16 11:39:52 | 000,236,544 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIPlugin\UIStk.dll
MOD - [2009-05-16 11:39:48 | 000,126,464 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIOptimizationClient.dll
MOD - [2009-05-16 11:39:44 | 000,559,104 | ---- | M] () -- C:\Program Files\PLAY ONLINE\CMUpdater.exe
MOD - [2009-05-16 11:39:40 | 000,090,624 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIVoice.dll
MOD - [2009-05-16 11:39:28 | 000,153,088 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BIService.dll
MOD - [2009-05-16 11:38:32 | 000,232,448 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UICommonDlg.dll
MOD - [2009-05-16 11:36:24 | 000,338,944 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UISkin.dll
MOD - [2009-05-16 11:36:04 | 000,241,664 | ---- | M] () -- C:\Program Files\PLAY ONLINE\AssistantServices.exe
MOD - [2009-05-16 11:35:02 | 000,132,608 | ---- | M] () -- C:\Program Files\PLAY ONLINE\UIExec.exe
MOD - [2009-05-16 11:34:34 | 000,118,784 | ---- | M] () -- C:\Program Files\PLAY ONLINE\Component\BILog.dll
MOD - [2009-05-07 17:50:44 | 000,611,840 | ---- | M] () -- C:\Program Files\PLAY ONLINE\TMobileAgent.dll
MOD - [2009-01-28 16:03:49 | 000,326,401 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009-01-09 17:10:52 | 000,139,264 | ---- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008-03-25 06:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2008-03-20 11:17:48 | 000,106,496 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libiax2.dll
MOD - [2008-03-20 11:17:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libjb.dll
MOD - [2007-10-25 13:51:16 | 000,198,656 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libcurl.dll
MOD - [2004-09-06 20:19:20 | 001,884,160 | ---- | M] () -- C:\Program Files\SubEdit-Player\codec\ffdshow\ffdshow.ax
MOD - [2004-08-10 00:14:54 | 000,163,840 | ---- | M] () -- C:\Program Files\SubEdit-Player\codec\ac3filter\ac3filter.ax
MOD - [2004-08-04 00:44:04 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2002-11-26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll
========== Win32 Services (SafeList) ==========
SRV - [2012-04-14 16:40:04 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-03-27 05:30:32 | 000,482,992 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2009-07-21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-05-16 11:36:04 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files\PLAY ONLINE\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009-05-13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2005-08-02 23:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2004-09-29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011-06-21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009-12-09 19:02:30 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-10-11 21:44:53 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2009-05-11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-05-07 17:47:14 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009-05-07 17:47:14 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009-05-07 17:47:14 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009-05-07 17:47:14 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009-03-30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-09-02 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008-07-05 17:03:12 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007-05-10 11:28:00 | 004,419,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-03-14 03:57:50 | 001,972,736 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007-01-04 13:48:04 | 000,104,344 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e4usbaw.sys -- (e4usbaw)
DRV - [2007-01-04 13:47:48 | 000,069,656 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\e4ldr.sys -- (E4LOADER) General Purpose USB Driver (e4ldr.sys)
DRV - [2006-12-14 10:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006-06-18 23:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-09-26 16:02:50 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WPN111.sys -- (WPN111)
DRV - [2005-08-02 23:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2004-08-03 22:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2003-07-24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Available only to registered users
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = Available only to registered users
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Available only to registered users
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&tbid=60747
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-03-31 15:26:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-02-04 20:00:37 | 000,000,000 | ---D | M]
[2008-09-13 15:11:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Extensions
[2012-02-05 19:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aneta\Dane aplikacji\Mozilla\Firefox\Profiles\x196qz15.default\extensions
[2012-02-04 20:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-10 21:37:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012-03-31 15:26:07 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-01-29 16:18:04 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2007-07-26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2012-01-29 16:18:04 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-01-29 16:18:04 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-01-29 16:18:04 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-01-29 16:18:04 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-01-29 16:18:04 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2001-10-26 16:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [UIExec] C:\Program Files\PLAY ONLINE\UIExec.exe ()
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Dostępne tylko dla zarejestrowanych użytkowników (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Dostępne tylko dla zarejestrowanych użytkowników (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Dostępne tylko dla zarejestrowanych użytkowników (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{397AD4CF-7BB1-4308-B545-404E84E3651F}: NameServer = 89.108.195.21 217.17.34.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Aneta\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Aneta\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-07-05 15:35:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012-04-14 19:55:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-04-14 19:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012-04-14 19:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aneta\Menu Start\Programy\Revo Uninstaller
[2012-04-14 17:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aneta\Dane aplikacji\Spyware Terminator
[2012-04-14 17:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator
[2012-04-14 17:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Spyware Terminator 2012
[2012-04-14 17:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2012-04-10 22:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aneta\Dane aplikacji\Malwarebytes
[2012-04-10 22:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2012-04-08 15:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\ProgDVB
[2012-04-08 15:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aneta\Dane aplikacji\HTML Executable
[2012-04-08 09:23:03 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-04-08 09:23:03 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-03-24 16:28:18 | 000,105,344 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2012-03-24 16:28:18 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2012-03-24 16:28:18 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2012-03-24 16:28:18 | 000,009,728 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys
[2012-03-24 16:28:13 | 000,022,528 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\drivers\BMLoad.sys
[2012-03-24 16:28:13 | 000,018,816 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\drivers\tcpipBM.sys
[2012-03-24 16:28:13 | 000,008,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sporder.dll
[2012-03-24 16:28:12 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bmutil.dll
[2012-03-24 16:28:12 | 000,471,040 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\bmnet.dll
[2012-03-24 16:28:12 | 000,294,912 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\bminstall.dll
[2012-03-24 16:28:12 | 000,126,976 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\bmdumpd.bin
[2012-03-24 16:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\PLAY ONLINE
[2012-03-23 11:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aneta\Dane aplikacji\e-pity
========== Files - Modified Within 30 Days ==========
[2012-04-14 20:25:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-04-14 19:55:14 | 000,451,696 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012-04-14 19:55:14 | 000,395,336 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-04-14 19:55:14 | 000,075,706 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012-04-14 19:55:14 | 000,059,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-04-14 19:51:38 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Aneta\Pulpit\Revo Uninstaller.lnk
[2012-04-14 17:11:29 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Spyware Terminator 2012.lnk
[2012-04-14 16:40:04 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-04-14 16:40:03 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-04-12 22:58:12 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-04-12 22:23:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-04-10 19:15:10 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2012-03-24 16:29:27 | 000,001,004 | ---- | M] () -- C:\NetworkCfg.xml
[2012-03-24 16:28:15 | 000,001,581 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\PLAY ONLINE.lnk
[2012-03-23 11:08:42 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Aneta\Pulpit\e-pity2011.lnk
========== Files Created - No Company Name ==========
[2012-04-14 19:51:38 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Aneta\Pulpit\Revo Uninstaller.lnk
[2012-04-14 17:11:32 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2012-04-14 17:11:29 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Spyware Terminator 2012.lnk
[2012-04-13 20:03:02 | 000,001,004 | ---- | C] () -- C:\NetworkCfg.xml
[2012-03-24 16:28:06 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\PLAY ONLINE.lnk
[2012-03-23 11:08:42 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Aneta\Pulpit\e-pity2011.lnk
[2011-06-28 17:29:29 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2011-06-28 17:29:29 | 000,143,676 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-10-23 13:58:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-05-21 21:17:55 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010-05-09 13:06:19 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010-05-09 13:05:05 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2010-05-09 12:52:46 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
========== LOP Check ==========
[2008-07-05 17:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
[2011-03-10 20:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\e-file
[2008-09-13 15:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-03-26 16:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2012-01-03 18:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2011-06-12 11:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-05-09 12:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft
[2012-04-14 20:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator
[2009-07-27 19:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Wru
[2009-02-05 23:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\ACD Systems
[2012-03-23 11:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\e-pity
[2008-07-07 23:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Gadu-Gadu
[2012-03-24 22:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Gadu-Gadu 10
[2012-04-08 15:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\HTML Executable
[2012-04-14 16:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\ipla
[2009-10-06 18:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\iPlus
[2009-08-29 19:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Nowe Gadu-Gadu
[2011-01-13 01:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\OpenCandy
[2010-02-28 23:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\OpenFM
[2009-10-06 18:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Program Files
[2012-04-14 17:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Spyware Terminator
[2012-04-14 20:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aneta\Dane aplikacji\Toolbar4
========== Purity Check ==========
< End of report >
- kominekl
- Posts: 5855
- Joined: 27 Nov 2011, 14:25
- Contact:
Suspected keylogger
Spyware Terminator.
Uninstall it and hold off on installing any new software until this thread is finished. Besides, you have the better Malwarebytes.
Logs.
Run OTL -> in the "Własne opcje skanowania/skrypt" (Custom Scans/Fixes) box, paste:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = Dostępne tylko dla zarejestrowanych użytkowników ... TbId=60747
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników ... tp=bs&qkw={searchTerms}&tbid=60747
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File not found
:Files
C:\Program Files\Spybot - Search & Destroy
C:\Documents and Settings\Aneta\Dane aplikacji\Spyware Terminator
C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator
C:\Program Files\Spyware Terminator
:Commands
[clearallrestorepoints]
[emptytemp]
Click "Wykonaj skrypt" (Run Fix). Post the removal log. Then post new OTL logs (both at -> Available only to registered users).
When computers become your only life, your only totem warding off the curse of boredom, then sooner or later the boundary between these two dimensions will vanish and figures from the Blue Void will start appearing in the Real. Sometimes they are your friends. And sometimes they are not.
-
- Posts: 19
- Joined: 10 Apr 2012, 21:16
- kominekl
- Posts: 5855
- Joined: 27 Nov 2011, 14:25
- Contact:
Suspected keylogger
Log.
OK. Now we are just waiting for the new OTL logs.
-
- Posts: 19
- Joined: 10 Apr 2012, 21:16
- kominekl
- Posts: 5855
- Joined: 27 Nov 2011, 14:25
- Contact:
Suspected keylogger
Logs.
Run OTL -> in the "Własne opcje skanowania/skrypt" (Custom Scans/Fixes) box, paste:
:OTL
[2007-07-26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
:Files
C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
:Commands
[clearallrestorepoints]
[emptytemp]
Click "Wykonaj skrypt" (Run Fix). Post the removal log. Then in OTL -> "Sprzątanie" (CleanUp).
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Be sure to install SP3 -> Available only to registered users.
Internet Explorer (Version = 6.0.2900.2180)
Update IE to the latest version (even if you do not use it) -> Available only to registered users.
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
Uninstall it and install the latest version -> Available only to registered users.
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.6 - Polish
Uninstall it and install the latest version -> http://www.hotfix.pl/infusions/pro_down ... r-p515.htm.
Final steps.
Clean the disk and the registry with CCleaner -> http://www.hotfix.pl/infusions/pro_down ... r-p158.htm.
Run a full scan with Malwarebytes Anti-Malware (do not agree to the trial version) -> http://www.hotfix.pl/infusions/pro_down ... e-p164.htm; if it finds anything, remove it and post the report.