Right-click SpaceSniffer and choose Run as administrator.
Uninstall all the junk: Babylon toolbar, Browsers Protector, vShare.tv plugin
Paste the following into the Custom Scans/Fixes box:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=8e72814f-1acc-11e1-8dc6-0023541a2c3c
IE - HKLM\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=8e72814f-1acc-11e1-8dc6-0023541a2c3c&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=8e72814f-1acc-11e1-8dc6-0023541a2c3c
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=8e72814f-1acc-11e1-8dc6-0023541a2c3c&q={searchTerms}
IE - HKCU\..\SearchScopes\{0A3E4006-2AF9-4959-BD51-507B8884D520}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=119998&tt=290312_bexdll&babsrc=SP_ss&mntrId=ae2f1aad00000000000000ff01000001
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=8e72814f-1acc-11e1-8dc6-0023541a2c3c&q={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/burn4free/{04870EC0-4E72-447A-81ED-58EC8D6D069A}?q={searchTerms}
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\RTS\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012-01-20 07:07:56 | 000,025,088 | ---- | M] () [File_System | Boot | Unknown] -- C:\Windows\System32\drivers\xusb21ex.sys -- (xusb21ex)
DRV - [2012-01-20 07:07:02 | 000,017,408 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\vmsnt.sys -- (vmsnt)
DRV - [2012-01-20 07:06:02 | 000,522,240 | ---- | M] () [Kernel | System | Unknown] -- C:\Windows\System32\drivers\usb2k.sys -- (usb2k)
FF - prefs.js..browser.startup.homepage: "http://startsear.ch/?aff=1&cf=8e72814f-1acc-11e1-8dc6-0023541a2c3c"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&src=sp&cf=8e72814f-1acc-11e1-8dc6-0023541a2c3c&q="user_pref("extensions.enabledAddons", "{42f36c01-0bd8-307b-8f21-eda6c8357423}:4.6.8.5");
[2012-01-03 23:19:03 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\RTS\AppData\Roaming\mozilla\Firefox\Profiles\xfdsum43.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011-12-22 21:06:03 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\RTS\AppData\Roaming\mozilla\Firefox\Profiles\xfdsum43.default\extensions\ffxtlbr@babylon.com
[2012-04-03 21:34:54 | 000,000,792 | ---- | M] () -- C:\Users\RTS\AppData\Roaming\Mozilla\Firefox\Profiles\xfdsum43.default\searchplugins\startsear.xml
[2012-01-03 23:19:00 | 000,003,915 | ---- | M] () -- C:\Users\RTS\AppData\Roaming\Mozilla\Firefox\Profiles\xfdsum43.default\searchplugins\sweetim.xml
O2 - BHO: (extrafind) - {b9224880-4c47-15a4-5652-f18ef47cfb16} - C:\Windows\System32\cea789c8.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O20 - HKLM Winlogon: UserInit - (C:\Program Files\KGB\mpk.exe) - File not found
[2012-01-20 15:47:41 | 3545,617,284 | ---- | C] () -- C:\Windows\System32\Loccache.dll
[2012-01-20 15:46:12 | 000,000,032 | ---- | C] () -- C:\Windows\System32\Deviccom.dat.dll
[2012-01-20 07:13:42 | 003,158,016 | ---- | C] () -- C:\Windows\System32\eventsvr.exe
[2012-01-20 07:07:56 | 001,094,144 | ---- | C] () -- C:\Windows\System32\blbx86.dll
[2012-01-20 07:07:56 | 000,139,264 | ---- | C] () -- C:\Windows\System32\wwanc32.dll
[2011-12-18 14:38:50 | 000,004,430 | ---- | C] () -- C:\Users\RTS\AppData\Local\promo.exe
[2012-04-03 20:51:56 | 000,075,045 | ---- | C] () -- C:\Windows\System32\c8b1d34c.exe
[2012-04-03 20:51:53 | 001,915,904 | ---- | C] () -- C:\Windows\System32\cea789c8.dll
:Commands
[emptytemp]
Click Run Fix and confirm the restart.
Post the removal report and a new log from Run Scan.