
SysWOW64 folder opening by itself


camillo2001

Question

Recommended answers

Posted

The log was made incorrectly.

Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

Run it again, making sure you have ticked everything correctly. Don't click "quick scan", click "scan".

Posted


OTL.Txt

Posted

@up, no need. There is one above and that's enough for me ;)

Scan these files on virustotal.com

C:\Windows\Ti878306ta.exe
C:\Windows\SysWow64\774053878306l.exe

I just want to make sure they are viruses.

PS: these files may be hidden. In Folder Options, enable showing hidden files.

From what I can see, you had the same problem almost a week ago. You should have posted the logs right away ;-)

Posted

Should I just delete them? And as for the problem, yes ;)

Posted

Did I write that you should delete them? I asked you to scan them on virustotal.com

It tells me that I have already scanned these files. As for the scan, I took a screenshot, link:

https://fbcdn-sphotos-e-a.akamaihd.net/hphotos-ak-ash3/t1.0-9/10339633_1404331423184313_7268119884458475424_n.jpg

https://scontent-a-cdg.xx.fbcdn.net/hphotos-ash3/t1.0-9/10301971_1404341516516637_45829312999000740_n.jpg

Posted

Uninstall
Nero Toolbar Updater
Babylon toolbar on IE
Bing Bar
Ask Toolbar
Google Toolbar for Internet Explorer
MediaCaster by Ask

1. Paste the following into Custom Scans/Fixes:

:OTL
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE - HKLM\..\SearchScopes\{4845F837-FE34-9F73-D66C-4EA6AD052550}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&q={searchTerms}&barid={307254D4-18A4-464F-BB8A-F4F815F2F55C}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.wisesearch.info/?l=1&q={searchTerms}&pid=964&r=2013/10/17&hid=5935598636926409227&lg=EN&cc=PL&unqvl=39
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzuzzzzzy0F0F0AtAtAyByCyByCyCyEzzzztN0D0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1286387809
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://home.sweetim.com/?crg=3.1010000&barid={307254D4-18A4-464F-BB8A-F4F815F2F55C}
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&ts=1384086294&type=default&q={searchTerms}
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&ts=1384086294&type=default&q={searchTerms}
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.golsearch.com/?q={searchTerms}&babsrc=SP_ss_Btisdt6&mntrId=A436889FFA337676&affID=119357&tt=160913_nocpn&tsp=5010
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\..\SearchScopes\{AB887800-5EA0-446E-A083-FD4E614C03F8}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.wisesearch.info/?l=1&q={searchTerms}&pid=964&r=2013/10/17&hid=5935598636926409227&lg=EN&cc=PL&unqvl=39
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [T] \sa-.exe File not found
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000..\Run: [T1TT4] \l.exe File not found
O4 - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000..\Run: [T1602065TT4] C:\Windows\SysWOW64\774053878306l.exe ()
O4 - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000..\Run: [se] C:\Users\user\AppData\Roaming\SkypEmoticons\SE.exe  /minimized  File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\SPEEDS~1\SPEEDS~2.DLL) -  File not found
O20 - AppInit_DLLs: (c:\progra~3\speeds~1\speeds~1.dll) -  File not found
O20 - HKLM Winlogon: UserInit - ("C:\Windows\M60262\Ja280254bLay.com") - C:\Windows\M60262\Ja280254bLay.com ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\msconfig.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\regedit.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O27 - HKLM IFEO\msconfig.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O32 - AutoRun File - [2013/11/18 20:10:27 | 000,000,007 | -HS- | M] () - C:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 160 bytes -> C:\ProgramData\MTA San Andreas All:NT2
@Alternate Data Stream - 160 bytes -> C:\ProgramData:NT2
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:05E9FFE5
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:DFC5A2B2


:Files
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-6.job
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-5.job
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-4.job
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-1.job
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-2.job
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-6.job
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-7.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-7.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-6.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-4.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-4.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-2.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-5.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-3.job

:Commands
[emptytemp]

Run the script, confirm the restart and make new logs without extras.txt (untick Registry - extra scan).

// In the previous thread @wakc34 asked you for a screenshot of msconfig; you couldn't open it because it opened in Notepad.

O27:64bit: - HKLM IFEO\msconfig.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\regedit.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O27 - HKLM IFEO\msconfig.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)

These entries caused the registry and msconfig to open in Notepad. After this fix it should be OK.
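
The O27 entries explained in the reply above, as an added example (not part of the original post and not OTL's own code): a Python parser that pulls Image File Execution Options "Debugger" redirections out of OTL-style log lines, strips the forum's [b] markup, and names the registry key to inspect. The watched-tool list and the mapping of the plain `O27` prefix to the Wow6432Node view are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the fix script on this page (one with the forum's
# [b] markup, one clean duplicate of it, and one non-O27 line to be ignored).
SAMPLE_LOG = r"""
O27:[b]64bit:[/b] - HKLM IFEO\msconfig.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O27:[b]64bit:[/b] - HKLM IFEO\regedit.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\msconfig.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O27 - HKLM IFEO\msconfig.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - ("C:\Windows\M60262\Ja280254bLay.com") - C:\Windows\M60262\Ja280254bLay.com ()
"""

IFEO = r"Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
# Assumption: "O27:64bit:" is the native registry view and plain "O27" is the
# 32-bit (Wow6432Node) view on a 64-bit system.
KEY_BY_VIEW = {
    "64-bit": "HKLM\\SOFTWARE\\" + IFEO,
    "32-bit": "HKLM\\SOFTWARE\\Wow6432Node\\" + IFEO,
}
# msconfig.exe and regedit.exe come from the thread; taskmgr.exe is added here
# as another tool a user would reach for during cleanup (assumption).
WATCHED_TOOLS = {"msconfig.exe", "regedit.exe", "taskmgr.exe"}

O27_RE = re.compile(
    r"^O27(?P<wide>:64bit:)?\s+-\s+HKLM IFEO\\(?P<image>[^:\\]+):\s+"
    r"Debugger\s+-\s+(?P<debugger>.+?)(?:\s+\((?P<company>[^()]*)\))?\s*$"
)


@dataclass(frozen=True)
class IfeoEntry:
    image: str              # program whose launch is redirected
    view: str               # "64-bit" or "32-bit" registry view
    debugger: str           # program Windows starts instead
    company: str            # company name OTL read from the debugger file
    registry_key: str       # key that holds the "Debugger" value
    blocks_admin_tool: bool  # True when the redirected image is a watched tool


def parse_o27(line):
    """Return an IfeoEntry for an O27 Debugger line, or None for anything else."""
    clean = re.sub(r"\[/?b\]", "", line.strip(), flags=re.IGNORECASE)
    m = O27_RE.match(clean)
    if not m:
        return None
    view = "64-bit" if m.group("wide") else "32-bit"
    image = m.group("image").strip()
    return IfeoEntry(
        image=image.lower(),
        view=view,
        debugger=m.group("debugger"),
        company=m.group("company") or "",
        registry_key=KEY_BY_VIEW[view] + "\\" + image,
        blocks_admin_tool=image.lower() in WATCHED_TOOLS,
    )


def find_ifeo_debuggers(log_text):
    """Collect unique IFEO Debugger entries from a whole log, in log order."""
    seen, entries = set(), []
    for line in log_text.splitlines():
        entry = parse_o27(line)
        if entry is not None and entry not in seen:
            seen.add(entry)
            entries.append(entry)
    return entries


def images_by_view(entries):
    """Map each redirected image to the registry views in which it appears."""
    grouped = {}
    for entry in entries:
        grouped.setdefault(entry.image, set()).add(entry.view)
    return {image: sorted(views) for image, views in grouped.items()}


if __name__ == "__main__":
    for e in find_ifeo_debuggers(SAMPLE_LOG):
        flag = "ADMIN TOOL REDIRECTED" if e.blocks_admin_tool else "review"
        print(f"[{flag}] {e.image} ({e.view}) -> {e.debugger}")
        print(f"    check value 'Debugger' under {e.registry_key}")
```
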

Posted

OTL.Txt

Posted

The fix was not carried out because you didn't copy the whole thing.

The instructions are in the spoiler.

Uninstall
Nero Toolbar Updater
Babylon toolbar on IE
Bing Bar
Ask Toolbar
Google Toolbar for Internet Explorer
MediaCaster by Ask

1. Paste the following into Custom Scans/Fixes:

:OTL
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE - HKLM\..\SearchScopes\{4845F837-FE34-9F73-D66C-4EA6AD052550}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&q={searchTerms}&barid={307254D4-18A4-464F-BB8A-F4F815F2F55C}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.wisesearch.info/?l=1&q={searchTerms}&pid=964&r=2013/10/17&hid=5935598636926409227&lg=EN&cc=PL&unqvl=39
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzuzzzzzy0F0F0AtAtAyByCyByCyCyEzzzztN0D0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1286387809
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://home.sweetim.com/?crg=3.1010000&barid={307254D4-18A4-464F-BB8A-F4F815F2F55C}
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&ts=1384086294&type=default&q={searchTerms}
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&ts=1384086294&type=default&q={searchTerms}
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.golsearch.com/?q={searchTerms}&babsrc=SP_ss_Btisdt6&mntrId=A436889FFA337676&affID=119357&tt=160913_nocpn&tsp=5010
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\..\SearchScopes\{AB887800-5EA0-446E-A083-FD4E614C03F8}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.wisesearch.info/?l=1&q={searchTerms}&pid=964&r=2013/10/17&hid=5935598636926409227&lg=EN&cc=PL&unqvl=39
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [T] \sa-.exe File not found
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000..\Run: [T1TT4] \l.exe File not found
O4 - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000..\Run: [T1602065TT4] C:\Windows\SysWOW64\774053878306l.exe ()
O4 - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000..\Run: [se] C:\Users\user\AppData\Roaming\SkypEmoticons\SE.exe  /minimized  File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:[b]64bit:[/b] - Protocol\Handler\base64 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\chrome - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\prox - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~3\SPEEDS~1\SPEEDS~2.DLL) -  File not found
O20 - AppInit_DLLs: (c:\progra~3\speeds~1\speeds~1.dll) -  File not found
O20 - HKLM Winlogon: UserInit - ("C:\Windows\M60262\Ja280254bLay.com") - C:\Windows\M60262\Ja280254bLay.com ()
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:[b]64bit:[/b] - HKLM IFEO\msconfig.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O27:[b]64bit:[/b] - HKLM IFEO\regedit.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O27 - HKLM IFEO\msconfig.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O32 - AutoRun File - [2013/11/18 20:10:27 | 000,000,007 | -HS- | M] () - C:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 160 bytes -> C:\ProgramData\MTA San Andreas All:NT2
@Alternate Data Stream - 160 bytes -> C:\ProgramData:NT2
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:05E9FFE5
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:DFC5A2B2


:Files
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-6.job
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-5.job
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-4.job
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-1.job
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-2.job
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-6.job
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-7.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-7.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-6.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-4.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-4.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-2.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-5.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-3.job

:Commands
[emptytemp]
 
 

Run the script, confirm the restart and make new logs without extras.txt (untick registry - extra scan).

Make sure you copied the whole code (from :OTL to the end).
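A triage sketch for the autostart lines in the fix script above, added here as an example and not part of the original post or of OTL: it tags IFEO debugger redirects, a replaced Winlogon Userinit value, AppInit_DLLs entries, Run values with an empty company field and orphaned entries, and reports tagged entries that still appear in a later log. The function and tag names are hypothetical, and reading a trailing `()` as an empty company name is an assumption drawn from the lines on this page.

```python
import re

# Constructed sample: a few lines copied from the fix script on this page.
SAMPLE_LOG = r"""
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O4 - HKLM..\Run: [T] \sa-.exe File not found
O4 - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000..\Run: [T1602065TT4] C:\Windows\SysWOW64\774053878306l.exe ()
O20 - AppInit_DLLs: (c:\progra~3\speeds~1\speeds~1.dll) -  File not found
O20 - HKLM Winlogon: UserInit - ("C:\Windows\M60262\Ja280254bLay.com") - C:\Windows\M60262\Ja280254bLay.com ()
O27:[b]64bit:[/b] - HKLM IFEO\msconfig.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
"""

# Accepts "O4 - ...", "O27:[b]64bit:[/b] - ..." and "O13[b]64bit:[/b] - ...".
LINE_RE = re.compile(r"^(O\d+):?(\[b\]64bit:\[/b\])? - (.*)$")
RUN_RE = re.compile(r"^(\S+?)\.\.\\(Run(?:Once)?): \[(.*?)\] (.*)$")
IFEO_RE = re.compile(r"^HKLM IFEO\\(\S+): Debugger - (.+?) \(")


def parse(log_text):
    """Return one dict per 'O<n>' line: section, 64-bit flag, rest of line."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append({"section": m.group(1), "x64": bool(m.group(2)),
                            "body": m.group(3).strip()})
    return entries


def classify(entry):
    """Return a set of tags describing why an entry deserves a look."""
    sec, body, tags = entry["section"], entry["body"], set()
    if body.endswith("File not found"):
        tags.add("orphan")  # registry entry whose target file is gone
    if sec == "O27" and IFEO_RE.match(body):
        # An IFEO "Debugger" value makes Windows start that program instead of
        # the named executable; here msconfig/regedit would open notepad.
        tags.add("ifeo-debugger")
    elif sec == "O20" and "Winlogon: UserInit" in body:
        m = re.search(r'\("([^"]*)"\)', body)
        value = m.group(1).rstrip(",").lower() if m else ""
        # The Windows default value is C:\Windows\system32\userinit.exe,
        if not value.endswith(r"\userinit.exe"):
            tags.add("userinit-replaced")
    elif sec == "O20" and body.startswith("AppInit_DLLs:"):
        m = re.match(r"AppInit_DLLs: \((.*?)\)", body)
        if m and m.group(1):
            tags.add("appinit-dll")
    elif sec == "O4":
        m = RUN_RE.match(body)
        # Assumption: a trailing "()" is an empty company-name field (compare
        # the "(Microsoft Corporation)" on the notepad.exe lines).
        if m and m.group(4).endswith("()"):
            tags.add("run-no-company")
    return tags


def triage(log_text):
    """Return (section, sorted tags, body) for every entry that got a tag."""
    out = []
    for entry in parse(log_text):
        tags = classify(entry)
        if tags:
            out.append((entry["section"], sorted(tags), entry["body"]))
    return out


def still_present(before_text, after_text):
    """Tagged entries from the first log that also appear in a later log."""
    after = {entry["body"] for entry in parse(after_text)}
    return [body for _, _, body in triage(before_text) if body in after]


if __name__ == "__main__":
    for section, tags, body in triage(SAMPLE_LOG):
        print(f"{section:4} {','.join(tags):28} {body[:70]}")
```
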

Posted

DnaloPub, on 10 May 2014 - 11:28, said:

The fix was NOT executed because you did not copy all of it.

Instructions are in the spoiler.

Uninstall

Nero Toolbar Updater

Babylon toolbar on IE

Bing Bar

Ask Toolbar

Google Toolbar for Internet Explorer

MediaCaster by Ask

1. Paste into the custom scan options:

Run the script, confirm the restart and make new logs without extras.txt (untick registry - extra scan)

[/ Spoiler]

Make sure you copied

Posted

The fix was not executed because you did not copy all of it.

Instructions are in the spoiler.

Uninstall

Nero Toolbar Updater

Babylon toolbar on IE

Bing Bar

Ask Toolbar

Google Toolbar for Internet Explorer

MediaCaster by Ask

1. Paste into the custom scan options:

:OTL
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE - HKLM\..\SearchScopes\{4845F837-FE34-9F73-D66C-4EA6AD052550}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&q={searchTerms}&barid={307254D4-18A4-464F-BB8A-F4F815F2F55C}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.wisesearch.info/?l=1&q={searchTerms}&pid=964&r=2013/10/17&hid=5935598636926409227&lg=EN&cc=PL&unqvl=39
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzuzzzzzy0F0F0AtAtAyByCyByCyCyEzzzztN0D0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1286387809
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://home.sweetim.com/?crg=3.1010000&barid={307254D4-18A4-464F-BB8A-F4F815F2F55C}
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&ts=1384086294&type=default&q={searchTerms}
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&ts=1384086294&type=default&q={searchTerms}
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.golsearch.com/?q={searchTerms}&babsrc=SP_ss_Btisdt6&mntrId=A436889FFA337676&affID=119357&tt=160913_nocpn&tsp=5010
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.qone8.com/web/?type=ds&ts=1399216012&from=ild&uid=HitachiXHTS545050B9A300_110124PBN403171P4JWEX&q={searchTerms}
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\..\SearchScopes\{AB887800-5EA0-446E-A083-FD4E614C03F8}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
IE - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.wisesearch.info/?l=1&q={searchTerms}&pid=964&r=2013/10/17&hid=5935598636926409227&lg=EN&cc=PL&unqvl=39
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll File not found
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [T] \sa-.exe File not found
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000..\Run: [T1TT4] \l.exe File not found
O4 - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000..\Run: [T1602065TT4] C:\Windows\SysWOW64\774053878306l.exe ()
O4 - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000..\Run: [se] C:\Users\user\AppData\Roaming\SkypEmoticons\SE.exe  /minimized  File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:[b]64bit:[/b] - Protocol\Handler\base64 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\chrome - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\prox - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~3\SPEEDS~1\SPEEDS~2.DLL) -  File not found
O20 - AppInit_DLLs: (c:\progra~3\speeds~1\speeds~1.dll) -  File not found
O20 - HKLM Winlogon: UserInit - ("C:\Windows\M60262\Ja280254bLay.com") - C:\Windows\M60262\Ja280254bLay.com ()
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:[b]64bit:[/b] - HKLM IFEO\msconfig.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O27:[b]64bit:[/b] - HKLM IFEO\regedit.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O27 - HKLM IFEO\msconfig.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - C:\Windows\notepad.exe (Microsoft Corporation)
O32 - AutoRun File - [2013/11/18 20:10:27 | 000,000,007 | -HS- | M] () - C:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 160 bytes -> C:\ProgramData\MTA San Andreas All:NT2
@Alternate Data Stream - 160 bytes -> C:\ProgramData:NT2
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:05E9FFE5
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:DFC5A2B2


:Files
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-6.job
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-5.job
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-4.job
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-1.job
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-2.job
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-6.job
C:\Windows\tasks\e0e0a655-8982-4713-80fc-d3529a8a196a-7.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-7.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-6.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-4.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-4.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-2.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-5.job
C:\Windows\tasks\2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-3.job

:Commands
[emptytemp]
 
 

Run the script, confirm the restart and make new logs without extras.txt (untick registry - extra scan).

Make sure you copied the whole code (from :OTL to the end).

OK, it worked on the 3rd try.

 

http://www.mediafire.com/view/m72wj9pofne81cv/05102014_114720.log

Posted

The fix looks like it was executed. Make new OTL logs to be sure that everything was removed.

Total Files Cleaned = 4,476.00 mb

4.5 GB of junk :D

Posted

With extras?


The fix looks like it was executed. Make new OTL logs to be sure that everything was removed.

Total Files Cleaned = 4,476.00 mb

4.5 GB of junk :D

extras?

Posted

Uninstall this adware from the Control Panel:

Nero Toolbar Updater
Babylon toolbar on IE
Bing Bar
Ask Toolbar
Google Toolbar for Internet Explorer
MediaCaster by Ask

and make new logs without extras (untick registry - extra scan)

Posted

Uninstall this adware from the Control Panel:

Nero Toolbar Updater

Babylon toolbar on IE

Bing Bar

Ask Toolbar

Google Toolbar for Internet Explorer

MediaCaster by Ask

and make new logs without extras (untick registry - extra scan)

I uninstalled everything as you told me earlier, and the scan found nothing. You're great. Thanks

Posted

So everything works now? Give me one more new log, just to be sure. I don't know what those 2 files were and I'd like to see whether they came back (new entries etc.)

Archived

This topic is currently archived. Adding new replies has been disabled.
