Samo włączający się folder syswow64

camillo2001 · 9 Maja 2014

Podczas każdego uruchamiania windwosa 7 wyłącza mi się ten syswow64 folder. Bardzo mnie to denerwuje. W załączniku dodam OTL i Extras. Proszę o pomoc

OTL.Txt

Extras.Txt

camillo2001 · 10 Maja 2014

Gdy wróciłem z treningu i włączyłem komputer dalej włącz się ten folder.

Janusz. · 10 Maja 2014

No dlatego poprosiłem o nowy log bo nie byłem pewny czy wszystko zostało wywalone.

camillo2001 · 10 Maja 2014

No dlatego poprosiłem o nowy log bo nie byłem pewny czy wszystko zostało wywalone.

OTL.Txt

Janusz. · 10 Maja 2014

~~winą mogą być te wpisy~~

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

~~a zwłaszcza ten 2. wolę ich nie ruszać.~~ może @rafor4 będzie miał jakiś pomysł :x

camillo2001 · 10 Maja 2014

czyli co teraz?

winą mogą być te wpisy
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
a zwłaszcza ten 2. wolę ich nie ruszać. może @rafor4 będzie miał jakiś pomysł :x

i com mam zrobić?

Nezvik · 11 Maja 2014

Wykonaj:

:OTL
PRC - [2012/06/28 14:53:52 | 000,695,448 | ---- | M] () -- C:\Users\Ana\AppData\Roaming\BrowserCompanion\tcbhn.exe
MOD - [2014/04/06 20:29:52 | 004,296,192 | ---- | M] () -- c:\progra~2\gssupp~1\assist~1.dll
MOD - [2012/06/28 14:53:52 | 000,695,448 | ---- | M] () -- C:\Users\Ana\AppData\Roaming\BrowserCompanion\tcbhn.exe
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
O1 - Hosts: 46.23.70.78 pagead2.googlesyndication.com
O1 - Hosts: 46.23.70.78 pagead2.googlesyndication.com
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Safeweb) - {896CB78A-53EA-A4DA-8A2F-2ACD2D89F29D} - C:\Program Files (x86)\Safeweb\qehi_72.dll ()
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (GrreattSaave4U) - {A88D8F51-79DF-D0F1-F939-A60416902DF0} - C:\ProgramData\GrreattSaave4U\NB4Xx5N6.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - Startup: C:\Users\Ana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sql.cmd ()
O4 - Startup: C:\Users\Ana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\Ana\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
O20 - AppInit_DLLs: (c:\progra~2\gssupp~1\assist~1.dll) - c:\progra~2\gssupp~1\assist~1.dll ()
O31 - SafeBoot: AlternateShell - 774053878306l.exe
[2014/04/25 19:40:45 | 000,000,000 | -HSD | C] -- C:\Users\Ana\AppData\Local\EmieUserList
[2014/04/25 19:40:45 | 000,000,000 | -HSD | C] -- C:\Users\Ana\AppData\Local\EmieSiteList
[2014/04/21 20:35:58 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{540DDB29-6A21-49AB-B251-B160E6CEEE6A}
[2014/04/21 20:31:45 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{86E125D2-3651-4660-8CAF-3C7740894916}
[2014/04/21 17:02:16 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{C57A27EE-F7F5-4D57-ACF0-DB28B2FD3A40}
[2014/04/21 15:56:56 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{89F4237F-A23A-41FB-A531-98DFBC864200}
[2014/04/19 19:13:20 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{3B4B4C49-1264-4D24-A62D-25B5FFC4E59D}
[2014/04/17 12:05:08 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{974AD7C0-BF9C-43C4-99C6-C80A58380468}
[2014/04/16 17:47:29 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{2B31FB38-A1DB-437B-A6E5-7E53F360B639}
[2014/04/16 17:44:51 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{DF384D49-E4A2-44D8-9AAC-CA37F7ECD351}
[2014/04/16 17:44:09 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{2FEE5F01-45B6-4670-A978-78C1EBCEC12C}
[2014/04/15 15:11:02 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{E3932390-B07D-413D-AF62-8C3FCE5C1DC0}
[2014/04/13 16:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\GrreattSaave4U
[2014/05/10 16:32:02 | 000,000,196 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/05/10 16:31:48 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2014/05/10 16:31:41 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2014/05/10 16:30:44 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job
[2014/05/07 19:00:07 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2014/04/08 20:46:35 | 000,647,168 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2014/04/08 20:46:35 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2014/04/08 20:43:27 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2014/01/09 16:40:01 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/12/18 11:59:03 | 000,574,464 | ---- | C] () -- C:\Windows\uninstall.exe
[2013/11/18 20:08:18 | 000,000,000 | -HS- | C] () -- C:\Windows\Ti878306ta.exe
[2013/09/08 18:52:46 | 000,001,233 | ---- | C] () -- C:\Users\Ana\AppData\Local\JunkAtx.bin
[2013/09/08 18:52:37 | 000,012,393 | ---- | C] () -- C:\Users\Ana\AppData\Local\Update.17.Bron.Tok.bin
[2013/09/08 18:22:28 | 000,012,393 | ---- | C] () -- C:\Users\Ana\AppData\Local\Bron.tok.A17.em.bin
 
[2013/08/14 12:28:40 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012/07/20 12:00:45 | 000,384,844 | ---- | C] () -- C:\Users\Ana\AppData\Local\funmoods-speeddial.crx
[2012/07/20 12:00:39 | 000,031,465 | ---- | C] () -- C:\Users\Ana\AppData\Local\funmoods.crx
[2006/03/16 21:17:36 | 000,000,000 | ---- | C] () -- C:\Users\Ana\AppData\Local\winlogon.exe
[2006/03/16 21:17:36 | 000,000,000 | ---- | C] () -- C:\Users\Ana\AppData\Local\smss.exe
[2006/03/16 21:17:36 | 000,000,000 | ---- | C] () -- C:\Users\Ana\AppData\Local\services.exe
[2006/03/16 21:17:36 | 000,000,000 | ---- | C] () -- C:\Users\Ana\AppData\Local\lsass.exe
[2006/03/16 21:17:36 | 000,000,000 | ---- | C] () -- C:\Users\Ana\AppData\Local\inetinfo.exe
 

:Files
C:\Users\Ana\AppData\Local\Bron*
C:\Users\Ana\AppData\Roaming\BrowserCompanion\tcbhn.exe

Wstaw nowy log OTL, powiedz czy błąd nadal występuje.

camillo2001 · 11 Maja 2014

Wykonaj:

:OTL
PRC - [2012/06/28 14:53:52 | 000,695,448 | ---- | M] () -- C:\Users\Ana\AppData\Roaming\BrowserCompanion\tcbhn.exe
MOD - [2014/04/06 20:29:52 | 004,296,192 | ---- | M] () -- c:\progra~2\gssupp~1\assist~1.dll
MOD - [2012/06/28 14:53:52 | 000,695,448 | ---- | M] () -- C:\Users\Ana\AppData\Roaming\BrowserCompanion\tcbhn.exe
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
O1 - Hosts: 46.23.70.78 pagead2.googlesyndication.com
O1 - Hosts: 46.23.70.78 pagead2.googlesyndication.com
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Safeweb) - {896CB78A-53EA-A4DA-8A2F-2ACD2D89F29D} - C:\Program Files (x86)\Safeweb\qehi_72.dll ()
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (GrreattSaave4U) - {A88D8F51-79DF-D0F1-F939-A60416902DF0} - C:\ProgramData\GrreattSaave4U\NB4Xx5N6.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - Startup: C:\Users\Ana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sql.cmd ()
O4 - Startup: C:\Users\Ana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\Ana\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
O20 - AppInit_DLLs: (c:\progra~2\gssupp~1\assist~1.dll) - c:\progra~2\gssupp~1\assist~1.dll ()
O31 - SafeBoot: AlternateShell - 774053878306l.exe
[2014/04/25 19:40:45 | 000,000,000 | -HSD | C] -- C:\Users\Ana\AppData\Local\EmieUserList
[2014/04/25 19:40:45 | 000,000,000 | -HSD | C] -- C:\Users\Ana\AppData\Local\EmieSiteList
[2014/04/21 20:35:58 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{540DDB29-6A21-49AB-B251-B160E6CEEE6A}
[2014/04/21 20:31:45 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{86E125D2-3651-4660-8CAF-3C7740894916}
[2014/04/21 17:02:16 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{C57A27EE-F7F5-4D57-ACF0-DB28B2FD3A40}
[2014/04/21 15:56:56 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{89F4237F-A23A-41FB-A531-98DFBC864200}
[2014/04/19 19:13:20 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{3B4B4C49-1264-4D24-A62D-25B5FFC4E59D}
[2014/04/17 12:05:08 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{974AD7C0-BF9C-43C4-99C6-C80A58380468}
[2014/04/16 17:47:29 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{2B31FB38-A1DB-437B-A6E5-7E53F360B639}
[2014/04/16 17:44:51 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{DF384D49-E4A2-44D8-9AAC-CA37F7ECD351}
[2014/04/16 17:44:09 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{2FEE5F01-45B6-4670-A978-78C1EBCEC12C}
[2014/04/15 15:11:02 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{E3932390-B07D-413D-AF62-8C3FCE5C1DC0}
[2014/04/13 16:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\GrreattSaave4U
[2014/05/10 16:32:02 | 000,000,196 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/05/10 16:31:48 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2014/05/10 16:31:41 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2014/05/10 16:30:44 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job
[2014/05/07 19:00:07 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2014/04/08 20:46:35 | 000,647,168 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2014/04/08 20:46:35 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2014/04/08 20:43:27 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2014/01/09 16:40:01 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/12/18 11:59:03 | 000,574,464 | ---- | C] () -- C:\Windows\uninstall.exe
[2013/11/18 20:08:18 | 000,000,000 | -HS- | C] () -- C:\Windows\Ti878306ta.exe
[2013/09/08 18:52:46 | 000,001,233 | ---- | C] () -- C:\Users\Ana\AppData\Local\JunkAtx.bin
[2013/09/08 18:52:37 | 000,012,393 | ---- | C] () -- C:\Users\Ana\AppData\Local\Update.17.Bron.Tok.bin
[2013/09/08 18:22:28 | 000,012,393 | ---- | C] () -- C:\Users\Ana\AppData\Local\Bron.tok.A17.em.bin
 
[2013/08/14 12:28:40 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012/07/20 12:00:45 | 000,384,844 | ---- | C] () -- C:\Users\Ana\AppData\Local\funmoods-speeddial.crx
[2012/07/20 12:00:39 | 000,031,465 | ---- | C] () -- C:\Users\Ana\AppData\Local\funmoods.crx
[2006/03/16 21:17:36 | 000,000,000 | ---- | C] () -- C:\Users\Ana\AppData\Local\winlogon.exe
[2006/03/16 21:17:36 | 000,000,000 | ---- | C] () -- C:\Users\Ana\AppData\Local\smss.exe
[2006/03/16 21:17:36 | 000,000,000 | ---- | C] () -- C:\Users\Ana\AppData\Local\services.exe
[2006/03/16 21:17:36 | 000,000,000 | ---- | C] () -- C:\Users\Ana\AppData\Local\lsass.exe
[2006/03/16 21:17:36 | 000,000,000 | ---- | C] () -- C:\Users\Ana\AppData\Local\inetinfo.exe
 

:Files
C:\Users\Ana\AppData\Local\Bron*
C:\Users\Ana\AppData\Roaming\BrowserCompanion\tcbhn.exe

Wstaw nowy log OTL, powiedz czy błąd nadal występuje.

OTL.Txt

camillo2001 · 11 Maja 2014

Wykonaj:

:OTL
PRC - [2012/06/28 14:53:52 | 000,695,448 | ---- | M] () -- C:\Users\Ana\AppData\Roaming\BrowserCompanion\tcbhn.exe
MOD - [2014/04/06 20:29:52 | 004,296,192 | ---- | M] () -- c:\progra~2\gssupp~1\assist~1.dll
MOD - [2012/06/28 14:53:52 | 000,695,448 | ---- | M] () -- C:\Users\Ana\AppData\Roaming\BrowserCompanion\tcbhn.exe
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
O1 - Hosts: 46.23.70.78 pagead2.googlesyndication.com
O1 - Hosts: 46.23.70.78 pagead2.googlesyndication.com
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Safeweb) - {896CB78A-53EA-A4DA-8A2F-2ACD2D89F29D} - C:\Program Files (x86)\Safeweb\qehi_72.dll ()
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (GrreattSaave4U) - {A88D8F51-79DF-D0F1-F939-A60416902DF0} - C:\ProgramData\GrreattSaave4U\NB4Xx5N6.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1320080679-4065846851-3746739224-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - Startup: C:\Users\Ana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sql.cmd ()
O4 - Startup: C:\Users\Ana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\Ana\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
O20 - AppInit_DLLs: (c:\progra~2\gssupp~1\assist~1.dll) - c:\progra~2\gssupp~1\assist~1.dll ()
O31 - SafeBoot: AlternateShell - 774053878306l.exe
[2014/04/25 19:40:45 | 000,000,000 | -HSD | C] -- C:\Users\Ana\AppData\Local\EmieUserList
[2014/04/25 19:40:45 | 000,000,000 | -HSD | C] -- C:\Users\Ana\AppData\Local\EmieSiteList
[2014/04/21 20:35:58 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{540DDB29-6A21-49AB-B251-B160E6CEEE6A}
[2014/04/21 20:31:45 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{86E125D2-3651-4660-8CAF-3C7740894916}
[2014/04/21 17:02:16 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{C57A27EE-F7F5-4D57-ACF0-DB28B2FD3A40}
[2014/04/21 15:56:56 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{89F4237F-A23A-41FB-A531-98DFBC864200}
[2014/04/19 19:13:20 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{3B4B4C49-1264-4D24-A62D-25B5FFC4E59D}
[2014/04/17 12:05:08 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{974AD7C0-BF9C-43C4-99C6-C80A58380468}
[2014/04/16 17:47:29 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{2B31FB38-A1DB-437B-A6E5-7E53F360B639}
[2014/04/16 17:44:51 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{DF384D49-E4A2-44D8-9AAC-CA37F7ECD351}
[2014/04/16 17:44:09 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{2FEE5F01-45B6-4670-A978-78C1EBCEC12C}
[2014/04/15 15:11:02 | 000,000,000 | ---D | C] -- C:\Users\Ana\AppData\Local\{E3932390-B07D-413D-AF62-8C3FCE5C1DC0}
[2014/04/13 16:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\GrreattSaave4U
[2014/05/10 16:32:02 | 000,000,196 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/05/10 16:31:48 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2014/05/10 16:31:41 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2014/05/10 16:30:44 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job
[2014/05/07 19:00:07 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2014/04/08 20:46:35 | 000,647,168 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2014/04/08 20:46:35 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2014/04/08 20:43:27 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2014/01/09 16:40:01 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/12/18 11:59:03 | 000,574,464 | ---- | C] () -- C:\Windows\uninstall.exe
[2013/11/18 20:08:18 | 000,000,000 | -HS- | C] () -- C:\Windows\Ti878306ta.exe
[2013/09/08 18:52:46 | 000,001,233 | ---- | C] () -- C:\Users\Ana\AppData\Local\JunkAtx.bin
[2013/09/08 18:52:37 | 000,012,393 | ---- | C] () -- C:\Users\Ana\AppData\Local\Update.17.Bron.Tok.bin
[2013/09/08 18:22:28 | 000,012,393 | ---- | C] () -- C:\Users\Ana\AppData\Local\Bron.tok.A17.em.bin
 
[2013/08/14 12:28:40 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012/07/20 12:00:45 | 000,384,844 | ---- | C] () -- C:\Users\Ana\AppData\Local\funmoods-speeddial.crx
[2012/07/20 12:00:39 | 000,031,465 | ---- | C] () -- C:\Users\Ana\AppData\Local\funmoods.crx
[2006/03/16 21:17:36 | 000,000,000 | ---- | C] () -- C:\Users\Ana\AppData\Local\winlogon.exe
[2006/03/16 21:17:36 | 000,000,000 | ---- | C] () -- C:\Users\Ana\AppData\Local\smss.exe
[2006/03/16 21:17:36 | 000,000,000 | ---- | C] () -- C:\Users\Ana\AppData\Local\services.exe
[2006/03/16 21:17:36 | 000,000,000 | ---- | C] () -- C:\Users\Ana\AppData\Local\lsass.exe
[2006/03/16 21:17:36 | 000,000,000 | ---- | C] () -- C:\Users\Ana\AppData\Local\inetinfo.exe
 

:Files
C:\Users\Ana\AppData\Local\Bron*
C:\Users\Ana\AppData\Roaming\BrowserCompanion\tcbhn.exe

Wstaw nowy log OTL, powiedz czy błąd nadal występuje.

uruchomiłem ponownie komputer i nic dalej folder sam się włącza.

Nezvik · 11 Maja 2014

Wykonaj jeszcze raz podany przeze mnie fix. Wstaw tym razem log z usuwania.

camillo2001 · 11 Maja 2014

Wykonaj jeszcze raz podany przeze mnie fix. Wstaw tym razem log z usuwania.

Wstaw tym razem log z usuwania ? Nie rozumiem.

Janusz. · 11 Maja 2014

Po wykonaniu fixa otworzy ci się notatnik. skopiuj jego zawartość i wklej na wklej.org (nie do załącznika, nie wprost do tematu tylko na strone wklej.org.)

camillo2001 · 11 Maja 2014

dobra zrobiłem jeszcze raz i wyszło sprawdzam czy działa

camillo2001 · 11 Maja 2014

dalej nic

Po wykonaniu fixa otworzy ci się notatnik. skopiuj jego zawartość i wklej na wklej.org (nie do załącznika, nie wprost do tematu tylko na strone wklej.org.)

i co teraz?

Janusz. · 11 Maja 2014

Prosiłem o FIXLOGA. dostarcz go.

camillo2001 · 11 Maja 2014

Prosiłem o FIXLOGA. dostarcz go.

Proszę

http://www.mediafire.com/view/jxfy9xurwdit19f/05112014_181711.log

Nezvik · 11 Maja 2014

Wstaw nowy log OTL.

camillo2001 · 12 Maja 2014

Wstaw nowy log OTL.

OTL.Txt

Nezvik · 12 Maja 2014

w OTL wykonaj (kosmetyka):

:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:DFC5A2B2

:Commands
[EMPTYTEMP]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]

Log jest już czysty. Wykonaj pełne skanowanie programem Malware Bytes, jeśli problem nadal występuje

camillo2001 · 12 Maja 2014

Niestety problem nadal występuje a przy ikonkach pojawił mi się taki znaczek "uruchm jako administrator" widać w ss

Nezvik · 12 Maja 2014

Jest to normalne w systemie windows 7, że niektóre programy muszą być uruchamiane z uprawnieniami administratora.

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

Ten wpis świadczył o tym, że nie musiałeś uruchamiać jako administrator, jednak jest on nieporządny i nie powinien istnieć w systemie w powyższej wersji. Komputer jest już wolny od infekcji. Nie mam pojęcia co może powodować problem. Przeskanuj podanym wyżej programem i wykonaj skan ccleanerem. Musi pomóc.

camillo2001 · 13 Maja 2014

Jest to normalne w systemie windows 7, że niektóre programy muszą być uruchamiane z uprawnieniami administratora.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
Ten wpis świadczył o tym, że nie musiałeś uruchamiać jako administrator, jednak jest on nieporządny i nie powinien istnieć w systemie w powyższej wersji. Komputer jest już wolny od infekcji. Nie mam pojęcia co może powodować problem. Przeskanuj podanym wyżej programem i wykonaj skan ccleanerem. Musi pomóc.

Niestety po sanowaniu i usunięciu problemów którę wykryły programy dalej nic nie pomogło. Ale i tak dzięki wszystkim za pomoc ;D

Nezvik · 13 Maja 2014

Ten folder musi byc wlaczany przez jakas pierdole. Tak czy inaczej system zostal oczyszczony z niezlego syfu i m.in. brontorka, czyli robaka spamujacego. Pomoc z folderem niestety nie potrafie, a wiem ze takie otwieranie czasem wkurza.

Zaloguj się

👋 Witaj na MPCForum!

Samo włączający się folder syswow64

Pytanie

47 odpowiedzi na to pytanie

Rekomendowane odpowiedzi

Zarchiwizowany