Wrzucam logi, to nie moj komputer. Nie mam dostępu do niego codziennie. Urucomilem OTL AdwCleanner i Rkill’era. Z Góry dziękuję za pomoc. Oto one:
OTL:
OTL logfile created on: 2014-06-26 18:15:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jacek\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 54,82% Memory free
4,00 Gb Paging File | 2,63 Gb Available in Paging File | 65,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107,32 Gb Total Space | 80,90 Gb Free Space | 75,38% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 74,44 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Drive E: | 125,46 Gb Total Space | 37,57 Gb Free Space | 29,95% Space Free | Partition Type: NTFS
Computer Name: JACEK-KOMPUTER | User Name: jacek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014-06-26 18:12:11 | 000,602,112 | ---- | M] (OldTimer Tools) – C:\Users\jacek\Desktop\OTL_[www.programosy.pl].exe
PRC - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) – C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-10-23 09:19:06 | 000,932,640 | ---- | M] (NVIDIA Corporation) – C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013-10-23 09:19:05 | 001,821,984 | ---- | M] (NVIDIA Corporation) – C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013-10-23 04:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) – C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013-10-18 03:35:59 | 014,650,144 | ---- | M] (NVIDIA Corporation) – C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
PRC - [2013-10-18 03:35:01 | 001,028,384 | ---- | M] (NVIDIA Corporation) – C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013-10-18 03:34:28 | 001,914,656 | ---- | M] (NVIDIA Corporation) – C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013-08-30 09:47:34 | 004,858,968 | ---- | M] (AVAST Software) – C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013-08-30 09:47:33 | 000,046,808 | ---- | M] (AVAST Software) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-07-10 11:37:18 | 001,376,608 | ---- | M] () – C:\Program Files\Opera\15.0.1147.141\opera_crashreporter.exe
PRC - [2013-07-10 11:37:14 | 039,480,672 | ---- | M] (Opera Software) – C:\Program Files\Opera\15.0.1147.141\opera.exe
PRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\taskhost.exe
PRC - [2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) – C:\Windows\explorer.exe
PRC - [2009-07-14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\conhost.exe
PRC - [2009-07-14 03:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\audiodg.exe
========== Modules (No Company Name) ==========
MOD - [2014-05-15 15:50:27 | 016,361,136 | ---- | M] () – C:\Windows\System32\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2013-07-10 11:37:18 | 001,376,608 | ---- | M] () – C:\Program Files\Opera\15.0.1147.141\opera_crashreporter.exe
MOD - [2013-07-10 11:37:17 | 000,746,336 | ---- | M] () – C:\Program Files\Opera\15.0.1147.141\libGLESv2.dll
MOD - [2013-07-10 11:37:17 | 000,135,520 | ---- | M] () – C:\Program Files\Opera\15.0.1147.141\libEGL.dll
MOD - [2013-07-10 11:37:16 | 000,977,248 | ---- | M] () – C:\Program Files\Opera\15.0.1147.141\ffmpegsumo.dll
========== Services (SafeList) ==========
SRV - [2014-06-18 20:14:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] – C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe – (MozillaMaintenance)
SRV - [2014-05-15 15:50:28 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] – C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe – (AdobeFlashPlayerUpdateSvc)
SRV - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] – C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe – (AdobeARMservice)
SRV - [2013-10-23 04:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] – C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe – (Stereo Service)
SRV - [2013-10-18 03:35:59 | 014,650,144 | ---- | M] (NVIDIA Corporation) [Auto | Running] – C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe – (NvStreamSvc)
SRV - [2013-10-18 03:34:28 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] – C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe – (nvUpdatusService)
SRV - [2013-08-30 09:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] – C:\Program Files\AVAST Software\Avast\AvastSvc.exe – (avast! Antivirus)
SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\StorSvc.dll – (StorSvc)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\sensrsvc.dll – (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\PeerDistSvc.dll – (PeerDistSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)
SRV - [2009-07-14 03:14:30 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] – C:\Windows\System32\regedt32.exe – (NOD32FiXTemDono)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\ew_juextctrl.sys – (huawei_ext_ctrl)
DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\ew_jubusenum.sys – (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\ew_jucdcecm.sys – (huawei_cdcecm)
DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\ew_jucdcacm.sys – (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\ew_usbenumfilter.sys – (ew_usbenumfilter)
DRV - [2013-10-23 12:24:25 | 010,410,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\nvlddmkm.sys – (nvlddmkm)
DRV - [2013-09-28 01:01:42 | 000,033,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\nvvad32v.sys – (nvvad_WaveExtensible)
DRV - [2013-08-30 09:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\System32\drivers\aswSP.sys – (aswSP)
DRV - [2013-08-30 09:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] – C:\Windows\System32\drivers\aswVmm.sys – (aswVmm)
DRV - [2013-08-30 09:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\System32\drivers\aswTdi.sys – (aswTdi)
DRV - [2013-08-30 09:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] – C:\Windows\System32\drivers\aswSnx.sys – (aswSnx)
DRV - [2013-08-30 09:48:12 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\System32\drivers\aswRdr2.sys – (aswRdr)
DRV - [2013-08-30 09:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] – C:\Windows\System32\drivers\aswRvrt.sys – (aswRvrt)
DRV - [2013-08-30 09:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\Windows\System32\drivers\aswMonFlt.sys – (aswMonFlt)
DRV - [2013-08-30 09:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\Windows\System32\drivers\aswFsBlk.sys – (aswFsBlk)
DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\vmbus.sys – (vmbus)
DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] – C:\Windows\System32\drivers\vmstorfl.sys – (storflt)
DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\storvsc.sys – (storvsc)
DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\vms3cap.sys – (s3cap)
DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\VMBusHID.sys – (VMBusHID)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM…\SearchScopes,DefaultScope =
IE - HKLM…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU.DEFAULT…\SearchScopes,DefaultScope =
IE - HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKU\S-1-5-18…\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKU\S-1-5-19…\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20…\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1794411785-3816019198-4255224139-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-1794411785-3816019198-4255224139-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1794411785-3816019198-4255224139-1000…\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1794411785-3816019198-4255224139-1000…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1794411785-3816019198-4255224139-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKU\S-1-5-21-1794411785-3816019198-4255224139-1004…\SearchScopes,DefaultScope =
========== FireFox ==========
FF - prefs.js…browser.startup.homepage: "http://www.onet.pl/"
FF - prefs.js…extensions.enabledAddons: wrc%40avast.com:8.0.1497
FF - prefs.js…extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-18 13:23:52 | 000,000,000 | —D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013-08-23 07:40:45 | 000,000,000 | —D | M] (No name found) – C:\Users\jacek\AppData\Roaming\mozilla\Extensions
[2014-06-26 18:02:40 | 000,000,000 | —D | M] (No name found) – C:\Users\jacek\AppData\Roaming\mozilla\Firefox\Profiles\76o49hqw.default\Extensions
[2014-06-18 20:13:58 | 000,000,000 | —D | M] (No name found) – C:\Program Files\Mozilla Firefox\browser\extensions
[2014-06-18 20:14:10 | 000,000,000 | —D | M] (Default) – C:\Program Files\Mozilla Firefox\browser\extensions{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013-09-18 13:23:52 | 000,000,000 | —D | M] (avast! Online Security) – C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
O1 HOSTS File: ([2013-08-22 15:29:33 | 000,000,921 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM…\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM…\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM…\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM…\Run: [shadowPlay] C:\Windows\System32\nvspcap.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1794411785-3816019198-4255224139-1000…\Run: [GG] C:\Users\jacek\AppData\Local\GG\Application\gghub.exe (GG Network S.A.)
O4 - HKU\S-1-5-19…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1794411785-3816019198-4255224139-1004…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.251
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{6D5067F7-C60E-4C50-A791-D0F3ACAE2FB5}: DhcpNameServer = 192.168.10.251
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat – [NTFS]
O33 - MountPoints2{1583ec68-0b27-11e3-8333-001d7dd6ee58}\Shell - “” = AutoRun
O33 - MountPoints2{1583ec68-0b27-11e3-8333-001d7dd6ee58}\Shell\AutoRun\command - “” = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM…comfile [open] – “%1” %*
O35 - HKLM…exefile [open] – “%1” %*
O37 - HKLM…com [@ = comfile] – “%1” %*
O37 - HKLM…exe [@ = exefile] – “%1” %*
O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014-06-26 18:12:06 | 000,602,112 | ---- | C] (OldTimer Tools) – C:\Users\jacek\Desktop\OTL_[www.programosy.pl].exe
[2014-06-26 17:55:17 | 000,000,000 | —D | C] – C:\AdwCleaner
[2014-06-26 17:51:27 | 001,942,776 | ---- | C] (Bleeping Computer, LLC) – C:\Users\jacek\Desktop\rkill.exe
[2014-06-18 20:13:58 | 000,000,000 | —D | C] – C:\Program Files\Mozilla Firefox
========== Files - Modified Within 30 Days ==========
[2014-06-26 18:12:11 | 000,602,112 | ---- | M] (OldTimer Tools) – C:\Users\jacek\Desktop\OTL_[www.programosy.pl].exe
[2014-06-26 18:09:02 | 000,737,242 | ---- | M] () – C:\Windows\System32\perfh015.dat
[2014-06-26 18:09:02 | 000,651,450 | ---- | M] () – C:\Windows\System32\perfh009.dat
[2014-06-26 18:09:02 | 000,153,930 | ---- | M] () – C:\Windows\System32\perfc015.dat
[2014-06-26 18:09:02 | 000,120,382 | ---- | M] () – C:\Windows\System32\perfc009.dat
[2014-06-26 18:04:26 | 000,067,584 | --S- | M] () – C:\Windows\bootstat.dat
[2014-06-26 18:04:25 | 1609,424,896 | -HS- | M] () – C:\hiberfil.sys
[2014-06-26 18:03:39 | 000,013,616 | -H-- | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-06-26 18:03:39 | 000,013,616 | -H-- | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-06-26 18:02:40 | 000,000,971 | ---- | M] () – C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014-06-26 17:52:00 | 001,942,776 | ---- | M] (Bleeping Computer, LLC) – C:\Users\jacek\Desktop\rkill.exe
[2014-06-26 17:50:45 | 001,342,659 | ---- | M] () – C:\Users\jacek\Desktop\AdwCleaner.exe
[2014-06-26 17:50:02 | 000,000,930 | ---- | M] () – C:\Windows\tasks\Adobe Flash Player Updater.job
========== Files Created - No Company Name ==========
[2014-06-26 17:50:01 | 001,342,659 | ---- | C] () – C:\Users\jacek\Desktop\AdwCleaner.exe
[2013-08-23 11:25:35 | 000,000,175 | ---- | C] () – C:\Windows\System32\drivers\aswVmm.sys.sum
[2013-08-23 11:25:35 | 000,000,175 | ---- | C] () – C:\Windows\System32\drivers\aswSP.sys.sum
[2013-08-23 11:25:35 | 000,000,175 | ---- | C] () – C:\Windows\System32\drivers\aswSnx.sys.sum
[2013-08-23 11:25:28 | 000,177,864 | ---- | C] () – C:\Windows\System32\drivers\aswVmm.sys
[2013-08-23 11:25:28 | 000,049,376 | ---- | C] () – C:\Windows\System32\drivers\aswRvrt.sys
========== ZeroAccess Check ==========
[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () – C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
“” = %SystemRoot%\system32\shell32.dll – [2009-07-14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
“ThreadingModel” = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
“” = %systemroot%\system32\wbem\fastprox.dll – [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
“ThreadingModel” = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
“” = %systemroot%\system32\wbem\wbemess.dll – [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
“ThreadingModel” = Both
========== LOP Check ==========
[2014-06-26 18:05:27 | 000,000,000 | —D | M] – C:\Users\jacek\AppData\Roaming\GG
[2013-08-22 15:00:14 | 000,000,000 | —D | M] – C:\Users\jacek\AppData\Roaming\Opera Software
========== Purity Check ==========
< End of report >
ADWCLEANER:
AdwCleaner[R0]
AdwCleaner v3.213 - Log utworzony 26/06/2014 o 17:55:22
Aktualizacja 23/06/2014 przez Xplode
System operacyjny : Windows 7 Professional (32 bits)
Użytkownik : jacek - JACEK-KOMPUTER
Ścieżka : C:\Users\jacek\Desktop\AdwCleaner.exe
Opcja : Szukaj
***** [Usługi] *****
Usługa Znaleziono : Wpm
***** [Pliki / Foldery] *****
Folder Znaleziono : C:\Program Files\Delta
Folder Znaleziono : C:\ProgramData\Babylon
Folder Znaleziono : C:\ProgramData\BitGuard
Folder Znaleziono : C:\ProgramData\eSafe
Folder Znaleziono : C:\ProgramData\WPM
Folder Znaleziono : C:\Users\jacek\AppData\Local\Temp\mt_ffx
Folder Znaleziono : C:\Users\jacek\AppData\LocalLow\Delta
Folder Znaleziono : C:\Users\jacek\AppData\Roaming\BabSolution
Folder Znaleziono : C:\Users\jacek\AppData\Roaming\Babylon
Folder Znaleziono : C:\Users\jacek\AppData\Roaming\dosearches
Folder Znaleziono : C:\Users\jacek\AppData\Roaming\file scout
Folder Znaleziono : C:\Users\jacek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Znaleziono : C:\Users\jacek\AppData\Roaming\Mozilla\Firefox\Profiles\76o49hqw.default\Extensions\ffxtlbr@delta.com
Plik Znaleziono : C:\Users\jacek\AppData\Roaming\Mozilla\Firefox\Profiles\76o49hqw.default\bprotector_extensions.sqlite
Plik Znaleziono : C:\Users\jacek\AppData\Roaming\Mozilla\Firefox\Profiles\76o49hqw.default\bprotector_prefs.js
Plik Znaleziono : C:\Users\jacek\AppData\Roaming\Mozilla\Firefox\Profiles\76o49hqw.default\user.js
Plik Znaleziono : C:\Windows\System32\Tasks\EPUpdater
***** [Skróty] *****
Skrót Znaleziono : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=sc&from=cor&uid=ST3250410AS_6RY5M6Y5XXXX6RY5M6Y5&ts=1383892767 )
Skrót Znaleziono : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=sc&from=cor&uid=ST3250410AS_6RY5M6Y5XXXX6RY5M6Y5&ts=1383892767 )
Skrót Znaleziono : C:\Users\jacek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=sc&from=cor&uid=ST3250410AS_6RY5M6Y5XXXX6RY5M6Y5&ts=1383892767 )
***** [Rejestr] *****
Dane Znaleziono : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=sc&from=cor&uid=ST3250410AS_6RY5M6Y5XXXX6RY5M6Y5&ts=1383892767
Dane Znaleziono : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\bitguard\271832~1.68{c16c1~1\bitguard.dll
Klucz Znaleziono : HKCU\Software\5de8c88b33bea43
Klucz Znaleziono : HKCU\Software\BabSolution
Klucz Znaleziono : HKCU\Software\DataMngr
Klucz Znaleziono : HKCU\Software\DataMngr_Toolbar
Klucz Znaleziono : HKCU\Software\Delta
Klucz Znaleziono : HKCU\Software\filescout
Klucz Znaleziono : HKCU\Software\InstallCore
Klucz Znaleziono : HKCU\Software\Microsoft\Internet Explorer\SearchScopes{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klucz Znaleziono : HKCU\Software\Microsoft\Internet Explorer\SearchScopes{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{82E1477C-B154-48D3-9891-33D83C26BCD3}
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{82E1477C-B154-48D3-9891-33D83C26BCD3}
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Klucz Znaleziono : HKLM\SOFTWARE\5de8c88b33bea43
Klucz Znaleziono : HKLM\SOFTWARE\Classes*\shell\filescout
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID{09C554C3-109B-483C-A06B-F14172F1A947}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID{39CB8175-E224-4446-8746-00566302DF8D}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID{261DD098-8A3E-43D4-87AA-63324FA897D8}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID{82E1477C-B154-48D3-9891-33D83C26BCD3}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID{86838207-681D-469D-9511-D0DCC6F19F9B}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\d
Klucz Znaleziono : HKLM\SOFTWARE\Classes\delta.deltaappCore
Klucz Znaleziono : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Klucz Znaleziono : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Klucz Znaleziono : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Klucz Znaleziono : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Klucz Znaleziono : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Klucz Znaleziono : HKLM\SOFTWARE\Classes\escort.escortIEPane
Klucz Znaleziono : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Klucz Znaleziono : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Klucz Znaleziono : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface{1231839B-064E-4788-B865-465A1B5266FD}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface{2DAC2231-CC35-482B-97C5-CED1D4185080}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface{57C91446-8D81-4156-A70E-624551442DE9}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface{B177446D-54A4-4869-BABC-8566110B4BE0}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface{F05B12E1-ADE8-4485-B45B-898748B53C37}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Prod.cap
Klucz Znaleziono : HKLM\SOFTWARE\Classes\TypeLib{39CB8175-E224-4446-8746-00566302DF8D}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\TypeLib{4599D05A-D545-4069-BB42-5895B4EAE05B}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\TypeLib{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\TypeLib{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klucz Znaleziono : HKLM\Software\DataMngr
Klucz Znaleziono : HKLM\Software\Delta
Klucz Znaleziono : HKLM\Software\dosearchessoftware
Klucz Znaleziono : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASAPI32
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASMANCS
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{B10A941D-FC74-4A3D-B5B1-1E3F1B2C4321}
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{B10A941D-FC74-4A3D-B5B1-1E3F1B2C4321}
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Klucz Znaleziono : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dosearches Browser Protecter
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Klucz Znaleziono : HKLM\Software\supWPM
Klucz Znaleziono : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Wartość Znaleziono : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wartość Znaleziono : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wartość Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NTRedirect]
Wartość Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Wartość Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
***** [Przeglądarki internetowe] *****
-\ Internet Explorer v8.0.7600.16385
Ustawienie Znaleziono : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] - hxxp://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=hp&from=cor&uid=ST3250410AS_6RY5M6Y5XXXX6RY5M6Y5&ts=1383892767
Ustawienie Znaleziono : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=hp&from=cor&uid=ST3250410AS_6RY5M6Y5XXXX6RY5M6Y5&ts=1383892767
Ustawienie Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=ST3250410AS_6RY5M6Y5XXXX6RY5M6Y5&ts=1383892767&type=default&q={searchTerms}
Ustawienie Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=hp&from=cor&uid=ST3250410AS_6RY5M6Y5XXXX6RY5M6Y5&ts=1383892767
Ustawienie Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] - hxxp://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=hp&from=cor&uid=ST3250410AS_6RY5M6Y5XXXX6RY5M6Y5&ts=1383892767
Ustawienie Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page] - hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=ST3250410AS_6RY5M6Y5XXXX6RY5M6Y5&ts=1383892767&type=default&q={searchTerms}
Ustawienie Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=68BA0013EFF14544&affID=119357&tsp=4983
Ustawienie Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs] - hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=68BA0013EFF14544&affID=119357&tsp=4983
-\ Mozilla Firefox v30.0 (pl)
[Plik : C:\Users\jacek\AppData\Roaming\Mozilla\Firefox\Profiles\76o49hqw.default\prefs.js]
Wpis znaleziony : user_pref(“browser.newtab.url”, "hxxp://www.dosearches.com/newtab/?utm_source=b&utm_medium=cor&utm_campaign=ST3250410AS_6RY5M6Y5XXXX6RY5M6Y5&utm_content=nt&from=cor&uid=ST3250410AS_6RY5M6Y5XXXX6RY5M6Y[…]
Wpis znaleziony : user_pref(“browser.search.defaultenginename”, “dosearches”);
Wpis znaleziony : user_pref(“browser.search.selectedEngine”, “dosearches”);
Wpis znaleziony : user_pref(“extensions.delta.admin”, false);
Wpis znaleziony : user_pref(“extensions.delta.aflt”, “babsst”);
Wpis znaleziony : user_pref(“extensions.delta.appId”, “{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}”);
Wpis znaleziony : user_pref(“extensions.delta.autoRvrt”, “false”);
Wpis znaleziony : user_pref(“extensions.delta.dfltLng”, “en”);
Wpis znaleziony : user_pref(“extensions.delta.excTlbr”, false);
Wpis znaleziony : user_pref(“extensions.delta.ffxUnstlRst”, true);
Wpis znaleziony : user_pref(“extensions.delta.id”, “68ba77620000000000000013eff14544”);
Wpis znaleziony : user_pref(“extensions.delta.instlDay”, “15940”);
Wpis znaleziony : user_pref(“extensions.delta.instlRef”, “sst”);
Wpis znaleziony : user_pref(“extensions.delta.newTab”, false);
Wpis znaleziony : user_pref(“extensions.delta.prdct”, “delta”);
Wpis znaleziony : user_pref(“extensions.delta.prtnrId”, “delta”);
Wpis znaleziony : user_pref(“extensions.delta.rvrt”, “false”);
Wpis znaleziony : user_pref(“extensions.delta.smplGrp”, “none”);
Wpis znaleziony : user_pref(“extensions.delta.tlbrId”, “base”);
Wpis znaleziony : user_pref(“extensions.delta.tlbrSrchUrl”, “”);
Wpis znaleziony : user_pref(“extensions.delta.vrsn”, “1.8.24.6”);
Wpis znaleziony : user_pref(“extensions.delta.vrsnTs”, “1.8.24.611:21:23”);
Wpis znaleziony : user_pref(“extensions.delta.vrsni”, “1.8.24.6”);
Wpis znaleziony : user_pref(“extensions.delta_i.babExt”, “”);
Wpis znaleziony : user_pref(“extensions.delta_i.babTrack”, “affID=119357&tsp=4983”);
Wpis znaleziony : user_pref(“extensions.delta_i.srcExt”, “ss”);
*************************
AdwCleaner[R0].txt - [14451 octets] - [26/06/2014 17:55:22]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [14512 octets] ##########
AdwCleaner[s0]
AdwCleaner v3.213 - Log utworzony 26/06/2014 o 18:02:31
Aktualizacja 23/06/2014 przez Xplode
System operacyjny : Windows 7 Professional (32 bits)
Użytkownik : jacek - JACEK-KOMPUTER
Ścieżka : C:\Users\jacek\Desktop\AdwCleaner.exe
Opcja : Usuń
***** [Usługi] *****
Usługa Usunięto : Wpm
***** [Pliki / Foldery] *****
Folder Usunięto : C:\ProgramData\Babylon
[!] Folder Usunięto : C:\ProgramData\BitGuard
Folder Usunięto : C:\ProgramData\eSafe
Folder Usunięto : C:\ProgramData\WPM
Folder Usunięto : C:\Program Files\Delta
Folder Usunięto : C:\Users\jacek\AppData\Local\Temp\mt_ffx
Folder Usunięto : C:\Users\jacek\AppData\LocalLow\Delta
Folder Usunięto : C:\Users\jacek\AppData\Roaming\BabSolution
Folder Usunięto : C:\Users\jacek\AppData\Roaming\Babylon
Folder Usunięto : C:\Users\jacek\AppData\Roaming\dosearches
Folder Usunięto : C:\Users\jacek\AppData\Roaming\file scout
Folder Usunięto : C:\Users\jacek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Usunięto : C:\Users\jacek\AppData\Roaming\Mozilla\Firefox\Profiles\76o49hqw.default\Extensions\ffxtlbr@delta.com
Plik Usunięto : C:\Users\jacek\AppData\Roaming\Mozilla\Firefox\Profiles\76o49hqw.default\bprotector_extensions.sqlite
Plik Usunięto : C:\Users\jacek\AppData\Roaming\Mozilla\Firefox\Profiles\76o49hqw.default\bprotector_prefs.js
Plik Usunięto : C:\Users\jacek\AppData\Roaming\Mozilla\Firefox\Profiles\76o49hqw.default\user.js
Plik Usunięto : C:\Windows\System32\Tasks\EPUpdater
***** [Skróty] *****
Skrót Wyleczono : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Skrót Wyleczono : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Skrót Wyleczono : C:\Users\jacek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
***** [Rejestr] *****
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
[#] Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{B10A941D-FC74-4A3D-B5B1-1E3F1B2C4321}
[#] Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{B10A941D-FC74-4A3D-B5B1-1E3F1B2C4321}
[#] Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Wartość Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NTRedirect]
Klucz Usunięto : HKLM\SOFTWARE\Classes*\shell\filescout
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Klucz Usunięto : HKLM\SOFTWARE\Classes\d
Klucz Usunięto : HKLM\SOFTWARE\Classes\delta.deltaappCore
Klucz Usunięto : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Klucz Usunięto : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Klucz Usunięto : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\escort.escortIEPane
Klucz Usunięto : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\Prod.cap
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASMANCS
Klucz Usunięto : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Klucz Usunięto : HKCU\Software\5de8c88b33bea43
Klucz Usunięto : HKLM\SOFTWARE\5de8c88b33bea43
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID{09C554C3-109B-483C-A06B-F14172F1A947}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID{39CB8175-E224-4446-8746-00566302DF8D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID{261DD098-8A3E-43D4-87AA-63324FA897D8}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID{82E1477C-B154-48D3-9891-33D83C26BCD3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID{86838207-681D-469D-9511-D0DCC6F19F9B}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface{1231839B-064E-4788-B865-465A1B5266FD}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface{2DAC2231-CC35-482B-97C5-CED1D4185080}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface{57C91446-8D81-4156-A70E-624551442DE9}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface{B177446D-54A4-4869-BABC-8566110B4BE0}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface{F05B12E1-ADE8-4485-B45B-898748B53C37}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib{39CB8175-E224-4446-8746-00566302DF8D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib{4599D05A-D545-4069-BB42-5895B4EAE05B}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{82E1477C-B154-48D3-9891-33D83C26BCD3}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{82E1477C-B154-48D3-9891-33D83C26BCD3}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Dane Przywrócono : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Klucz Usunięto : HKCU\Software\BabSolution
Klucz Usunięto : HKCU\Software\DataMngr
[#] Klucz Usunięto : HKCU\Software\DataMngr_Toolbar
Klucz Usunięto : HKCU\Software\Delta
Klucz Usunięto : HKCU\Software\filescout
Klucz Usunięto : HKCU\Software\InstallCore
Klucz Usunięto : HKLM\Software\DataMngr
Klucz Usunięto : HKLM\Software\Delta
Klucz Usunięto : HKLM\Software\dosearchessoftware
Klucz Usunięto : HKLM\Software\supWPM
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dosearches Browser Protecter
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Dane Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\bitguard\271832~1.68{c16c1~1\bitguard.dll
Klucz Usunięto : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [Przeglądarki internetowe] *****
-\ Internet Explorer v8.0.7600.16385
Ustawienie Przywrócono : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
Ustawienie Przywrócono : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Ustawienie Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Ustawienie Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Ustawienie Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
Ustawienie Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
Ustawienie Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Ustawienie Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]
-\ Mozilla Firefox v30.0 (pl)
[Plik : C:\Users\jacek\AppData\Roaming\Mozilla\Firefox\Profiles\76o49hqw.default\prefs.js]
Wpis usunięty : user_pref(“browser.newtab.url”, "hxxp://www.dosearches.com/newtab/?utm_source=b&utm_medium=cor&utm_campaign=ST3250410AS_6RY5M6Y5XXXX6RY5M6Y5&utm_content=nt&from=cor&uid=ST3250410AS_6RY5M6Y5XXXX6RY5M6Y[…]
Wpis usunięty : user_pref(“browser.search.defaultenginename”, “dosearches”);
Wpis usunięty : user_pref(“browser.search.selectedEngine”, “dosearches”);
Wpis usunięty : user_pref(“extensions.delta.admin”, false);
Wpis usunięty : user_pref(“extensions.delta.aflt”, “babsst”);
Wpis usunięty : user_pref(“extensions.delta.appId”, “{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}”);
Wpis usunięty : user_pref(“extensions.delta.autoRvrt”, “false”);
Wpis usunięty : user_pref(“extensions.delta.dfltLng”, “en”);
Wpis usunięty : user_pref(“extensions.delta.excTlbr”, false);
Wpis usunięty : user_pref(“extensions.delta.ffxUnstlRst”, true);
Wpis usunięty : user_pref(“extensions.delta.id”, “68ba77620000000000000013eff14544”);
Wpis usunięty : user_pref(“extensions.delta.instlDay”, “15940”);
Wpis usunięty : user_pref(“extensions.delta.instlRef”, “sst”);
Wpis usunięty : user_pref(“extensions.delta.newTab”, false);
Wpis usunięty : user_pref(“extensions.delta.prdct”, “delta”);
Wpis usunięty : user_pref(“extensions.delta.prtnrId”, “delta”);
Wpis usunięty : user_pref(“extensions.delta.rvrt”, “false”);
Wpis usunięty : user_pref(“extensions.delta.smplGrp”, “none”);
Wpis usunięty : user_pref(“extensions.delta.tlbrId”, “base”);
Wpis usunięty : user_pref(“extensions.delta.tlbrSrchUrl”, “”);
Wpis usunięty : user_pref(“extensions.delta.vrsn”, “1.8.24.6”);
Wpis usunięty : user_pref(“extensions.delta.vrsnTs”, “1.8.24.611:21:23”);
Wpis usunięty : user_pref(“extensions.delta.vrsni”, “1.8.24.6”);
Wpis usunięty : user_pref(“extensions.delta_i.babExt”, “”);
Wpis usunięty : user_pref(“extensions.delta_i.babTrack”, “affID=119357&tsp=4983”);
Wpis usunięty : user_pref(“extensions.delta_i.srcExt”, “ss”);
*************************
AdwCleaner[R0].txt - [14593 octets] - [26/06/2014 17:55:22]
AdwCleaner[s0].txt - [12377 octets] - [26/06/2014 18:02:31]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [12438 octets] ##########