prosba o sprawdzenie logow OTL

[agulka]

OTL.txt
wklej.org/id/1024627/
Extras.txt
wklej.org/id/1024623/

[kominekl]

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A363CC2-F936-47A3-AA10-3B77C309A478}" = AVG PC TuneUp Language Pack (pl-PL)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2F3A3B57-8AB4-4136-8FD2-96A77D5183C1}" = AVG 2012
"{5B12F363-E816-4204-99F0-6F3B0817D588}" = AVG 2012
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp
"AVG" = AVG 2012
"AVG PC TuneUp" = AVG PC TuneUp
"AVG Secure Search" = AVG Security Toolbar
"BS_Player Toolbar" = BS Player Toolbar
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"conduitEngine" = Conduit Engine

Odinstaluj to oprogramowanie. Następnie użyj Dostępne tylko dla zarejestrowanych użytkowników, a potem Dostępne tylko dla zarejestrowanych użytkowników.

Logi.

Uruchom OTL -> w oknie Własne opcje skanowania/skrypt wklej:

:OTL

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\arusb_lh.sys -- (arusb_lh)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&SearchSource=4&ctid=CT1750559
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1578298235-812837613-2220456012-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKU\S-1-5-21-1578298235-812837613-2220456012-1001\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1578298235-812837613-2220456012-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1578298235-812837613-2220456012-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1578298235-812837613-2220456012-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{F21560A8-D937-4428-8912-4011EB0DE60A}&mid=146ce81017f8ee6dd184ba6e52185a60-9c7c6734dce7b7d85f310c75e6020b644dc7af29&lang=pl&ds=AVG&pr=fr&d=2012-08-18 01:33:37&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1578298235-812837613-2220456012-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
IE - HKU\S-1-5-21-1578298235-812837613-2220456012-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&SearchSource=4&ctid=CT1750559
IE - HKU\S-1-5-21-1578298235-812837613-2220456012-1001\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&crm=1&toolbar=VZ2
IE - HKU\S-1-5-21-1578298235-812837613-2220456012-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "BS Player Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1750559&SearchSource=13"
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
[2011/04/14 18:46:19 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Users\antonis\AppData\Roaming\Mozilla\Firefox\Profiles\fcks4z7b.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2011/03/15 14:22:14 | 000,000,921 | ---- | M] () -- C:\Users\antonis\AppData\Roaming\Mozilla\Firefox\Profiles\fcks4z7b.default\searchplugins\conduit.xml
[2013/02/22 22:24:43 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.2.0.1
[2012/02/26 02:26:41 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2013/02/22 22:24:44 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/26 02:26:41 | 000,000,760 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKU\S-1-5-21-1578298235-812837613-2220456012-1001..\Run: [Facebook Update] C:\Users\antonis\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
[2013/04/13 15:33:36 | 000,032,120 | ---- | C] (AVG) -- C:\windows\System32\TURegOpt.exe
[2013/04/13 15:33:33 | 000,021,880 | ---- | C] (AVG) -- C:\windows\System32\authuitu.dll
[2013/04/13 15:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
[2013/04/13 15:31:24 | 000,000,000 | ---D | C] -- C:\Users\antonis\AppData\Roaming\AVG
[2013/04/13 15:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2013/04/13 15:28:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/04/13 00:20:59 | 000,000,000 | ---D | C] -- C:\Users\antonis\AppData\Roaming\TuneUp Software
[2013/03/06 13:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2010/10/05 18:09:15 | 008,669,936 | ---- | C] (ashampoo GmbH & Co. KG ) -- C:\Users\antonis\ashampoo_burning_studio_6_free_6.77_4280.exe
[2010/02/02 04:20:00 | 004,388,296 | ---- | C] (Foxit Software) -- C:\Users\antonis\AppData\Roaming\FoxitPDFEditor_enu_setup_v2.2.0.0205.exe
[2013/04/28 13:43:30 | 000,000,000 | ---- | M] () -- C:\windows\System32\drivers\AVG\incavi.avm.prepare
[2013/02/01 17:52:46 | 095,023,320 | ---- | C] () -- C:\ProgramData\3723875.pad
[2012/10/10 02:58:13 | 083,023,306 | ---- | C] () -- C:\ProgramData\dapeton.pad
[2012/08/17 03:51:07 | 083,023,306 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012/08/11 16:56:57 | 000,000,051 | ---- | C] () -- C:\ProgramData\ufeaipknneqgjqp
[2012/01/31 19:15:44 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011/12/25 17:40:15 | 000,000,000 | ---- | C] () -- C:\Users\antonis\AppData\Local\{F92CA772-4F23-49B5-87C7-2CA6ABA599A9}
[2013/04/13 15:31:24 | 000,000,000 | ---D | M] -- C:\Users\antonis\AppData\Roaming\AVG
[2012/08/18 01:35:59 | 000,000,000 | ---D | M] -- C:\Users\antonis\AppData\Roaming\AVG2012
[2010/10/05 18:12:42 | 000,000,000 | ---D | M] -- C:\Users\antonis\AppData\Roaming\Ashampoo
[2011/12/22 20:13:11 | 000,000,000 | ---D | M] -- C:\Users\antonis\AppData\Roaming\Azureus
[2012/07/13 02:22:00 | 000,000,000 | ---D | M] -- C:\Users\antonis\AppData\Roaming\BSplayer
[2010/05/01 16:20:30 | 000,000,000 | ---D | M] -- C:\Users\antonis\AppData\Roaming\BSplayer Pro
[2013/04/13 17:16:25 | 000,000,000 | ---D | M] -- C:\Users\antonis\AppData\Roaming\DriverCure
[2013/04/28 13:38:19 | 000,000,000 | ---D | M] -- C:\Users\antonis\AppData\Roaming\go
[2011/12/18 14:37:14 | 000,000,000 | ---D | M] -- C:\Users\antonis\AppData\Roaming\MusicNet
[2012/02/29 19:12:11 | 000,000,000 | ---D | M] -- C:\Users\antonis\AppData\Roaming\Samsung
[2013/04/13 00:20:59 | 000,000,000 | ---D | M] -- C:\Users\antonis\AppData\Roaming\TuneUp Software
[2012/08/16 18:09:02 | 000,000,000 | ---D | M] -- C:\Users\antonis\AppData\Roaming\UpdateTemp1997004035
[2010/01/15 05:57:40 | 000,000,000 | ---D | M] -- C:\Users\antonis\AppData\Roaming\Vodafone
[2010/12/15 03:12:56 | 000,000,000 | ---D | M] -- C:\Users\antonis\AppData\Roaming\WinAVI
[2013/02/01 00:14:27 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/02/01 00:14:27 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

:Services
gupdate
gupdatem

:Files
C:\Program Files\Google\Update
C:\Users\antonis\AppData\Local\Facebook\Update
C:\windows\System32\drivers\AVG
C:\windows\tasks\*.*

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

:Commands
[clearallrestorepoints]
[emptytemp]

Klikasz Wykonaj skrypt. Dajesz log z usuwania. Następnie podaj log z Dostępne tylko dla zarejestrowanych użytkowników (z opcji Delete) + log z TDSSKiller + nowe logi z OTL.