
Internet Explorer has gone crazy. It starts on its own.


zenon33

Question

10 answers to this question

Recommended answers

Posted

The system is a mess. Stop mass-downloading from torrents and watch out for Metin clients.

Uninstall: Iminent, SW-Sustainer, Windows Mobile Device Center, WindowsMangerProtect, WinZipper (if something is not there, skip it)

Then, in the folder where FRST is located, create a text file named fixlist and paste the following content into it:

CloseProcesses:
C:\ProgramData\WindowsMangerProtect
C:\Program Files (x86)\WinZipper
C:\Program Files (x86)\YTDownloader
C:\ProgramData\ba8b7bf6-f41d-4bf7-9c04-dc3b18bfb4fb
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [VCVS01EN] => C:\Program Files\ACD Systems\ACDSee Video Studio\acdIDInTouch2.exe [1830728 2014-07-19] (ACD Systems)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe, [X]
HKU\S-1-5-21-2531227257-3890973931-1995647330-1000\...\Policies\system: [NoDiESPCPL] 0
HKU\S-1-5-21-2531227257-3890973931-1995647330-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-2531227257-3890973931-1995647330-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2531227257-3890973931-1995647330-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2531227257-3890973931-1995647330-1000\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-2531227257-3890973931-1995647330-1000\...\MountPoints2: {04a5ebb8-d9e4-11e3-ae05-5404a6b5cafb} - G:\Startme.exe
HKU\S-1-5-21-2531227257-3890973931-1995647330-1000\...\MountPoints2: {43257785-2b89-11e4-beb3-5404a6b5cafb} - E:\Setup.exe
HKU\S-1-5-21-2531227257-3890973931-1995647330-1000\...\MountPoints2: {544563a2-df5e-11e3-8f2c-5404a6b5cafb} - G:\LG_PC_Programs.exe
HKU\S-1-5-21-2531227257-3890973931-1995647330-1000\...\MountPoints2: {94485e5f-2e32-11e0-95aa-6c626d7dda1f} - E:\Autorun.exe
HKU\S-1-5-21-2531227257-3890973931-1995647330-1000\...\MountPoints2: {a6ee71ba-ef81-11e2-bb9c-5404a6b5cafb} - G:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A14B04 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-2531227257-3890973931-1995647330-1000\...\MountPoints2: {cb174597-375e-11e3-b696-806e6f6e6963} - D:\autorun.exe
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} =>  No File
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} =>  No File
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} =>  No File
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} =>  No File
AlternateShell: 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2531227257-3890973931-1995647330-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1418363845&from=wpm12123&uid=ST3500418AS_5VMJKXMYXXXX5VMJKXMY
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1418363845&from=wpm12123&uid=ST3500418AS_5VMJKXMYXXXX5VMJKXMY
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1408881161&from=smt&uid=ST3500418AS_5VMJKXMYXXXX5VMJKXMY&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1408881161&from=smt&uid=ST3500418AS_5VMJKXMYXXXX5VMJKXMY&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1418363845&from=wpm12123&uid=ST3500418AS_5VMJKXMYXXXX5VMJKXMY
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1418363845&from=wpm12123&uid=ST3500418AS_5VMJKXMYXXXX5VMJKXMY
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1408881161&from=smt&uid=ST3500418AS_5VMJKXMYXXXX5VMJKXMY&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1408881161&from=smt&uid=ST3500418AS_5VMJKXMYXXXX5VMJKXMY&q={searchTerms}
HKU\S-1-5-21-2531227257-3890973931-1995647330-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1418363845&from=wpm12123&uid=ST3500418AS_5VMJKXMYXXXX5VMJKXMY&q={searchTerms}
HKU\S-1-5-21-2531227257-3890973931-1995647330-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1418363845&from=wpm12123&uid=ST3500418AS_5VMJKXMYXXXX5VMJKXMY
HKU\S-1-5-21-2531227257-3890973931-1995647330-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1418363845&from=wpm12123&uid=ST3500418AS_5VMJKXMYXXXX5VMJKXMY
HKU\S-1-5-21-2531227257-3890973931-1995647330-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1418363845&from=wpm12123&uid=ST3500418AS_5VMJKXMYXXXX5VMJKXMY&q={searchTerms}
URLSearchHook: HKLM-x32 - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKU\S-1-5-21-2531227257-3890973931-1995647330-1000 - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.wonderfulsearches.info/?l=1&q={searchTerms}&pid=970&r=2014/08/23&hid=1001376554726225846&lg=EN&cc=PL&unqvl=60
SearchScopes: HKU\.DEFAULT -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKU\S-1-5-21-2531227257-3890973931-1995647330-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1418363845&from=wpm12123&uid=ST3500418AS_5VMJKXMYXXXX5VMJKXMY&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2531227257-3890973931-1995647330-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.only-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2C125404A6B5CAFB&affID=129300&tsp=5419
SearchScopes: HKU\S-1-5-21-2531227257-3890973931-1995647330-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1418363845&from=wpm12123&uid=ST3500418AS_5VMJKXMYXXXX5VMJKXMY&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2531227257-3890973931-1995647330-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-2531227257-3890973931-1995647330-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.wonderfulsearches.info/?l=1&q={searchTerms}&pid=970&r=2014/08/23&hid=1001376554726225846&lg=EN&cc=PL&unqvl=60
BHO: GuoSSave -> {0d9251d4-173e-4014-af6c-fafeffead248} -> C:\Program Files (x86)\GuoSSave\NNvl3vlaeRlvQT.x64.dll ()
BHO: Adblocker -> {190E9730-916C-E1F3-70CC-C18BA1863D9B} -> C:\Program Files (x86)\Adblocker\c.x64.dll No File
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} ->  No File
BHO-x32: AskBar BHO -> {201f27d4-3704-41d6-89c1-aa35e39143ed} -> C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} -  No File
Toolbar: HKU\S-1-5-21-2531227257-3890973931-1995647330-1000 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF ProfilePath: C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i0uf1hf4.default
FF NewTab: hxxp://www.delta-homes.com/newtab/?type=nt&ts=1418363845&from=wpm12123&uid=ST3500418AS_5VMJKXMYXXXX5VMJKXMY
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchEngineS: WebSearch
FF DefaultSearchUrl: hxxp://websearch.wonderfulsearches.info/?pid=970&r=2014/08/23&hid=1001376554726225846&lg=EN&cc=PL&unqvl=60&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SearchEngineOrder.1S: WebSearch
FF SelectedSearchEngine: delta-homes
FF SelectedSearchEngine,S: WebSearch
FF SelectedSearchEngineS: WebSearch
FF Homepage: hxxp://www.delta-homes.com/?type=hp&ts=1418363845&from=wpm12123&uid=ST3500418AS_5VMJKXMYXXXX5VMJKXMY
FF SearchPlugin: C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i0uf1hf4.default\searchplugins\MyOnlineSearch.xml
FF SearchPlugin: C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i0uf1hf4.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml
FF Extension: Security Protection - C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i0uf1hf4.default\Extensions\[email protected] [2014-12-12]
FF Extension: iWebar - C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i0uf1hf4.default\Extensions\[email protected] [2015-01-04]
FF Extension: Adblocker - C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i0uf1hf4.default\Extensions\[email protected] [2014-08-23]
FF Extension: 35106bca6c7848c7ac2856df30b51d2a - C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i0uf1hf4.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2015-01-08]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i0uf1hf4.default\extensions\[email protected]
CHR Extension: (Key Bar) - C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekobafpjjhenlpaamnojkagajfdpoelj [2014-12-03]
CHR Extension: (Security Protection) - C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh [2014-12-12]
CHR Extension: (oojbgadfejifecebmdnhhkbhdjaphole) - C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2015-01-08]
CHR HKU\S-1-5-21-2531227257-3890973931-1995647330-1000\...\Chrome\Extension: [ekobafpjjhenlpaamnojkagajfdpoelj] - C:\Users\Dawid\AppData\Local\CRE\ekobafpjjhenlpaamnojkagajfdpoelj.crx [2012-07-27]
CHR HKLM-x32\...\Chrome\Extension: [aacbndibbcpajfgnkdkaakeiojmmgmnk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ajhcekcffkpnaednoeoegnmnjdlnjjmg] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dldmaohnecjgcofphbegpickmbngfohd] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ekobafpjjhenlpaamnojkagajfdpoelj] - C:\Users\Dawid\AppData\Local\CRE\ekobafpjjhenlpaamnojkagajfdpoelj.crx [2012-07-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-08]
CHR HKLM-x32\...\Chrome\Extension: [jpihmmhdcobmllpcnpfbhnipmhamldje] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - No Path
CHR HKLM-x32\...\Chrome\Extension: [naipdapbimiiikbbgjcpbgmfhnlbagpj] - No Path
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ojepgopkodkeapmedlkfjbgmekijoalj] - No Path
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.delta-homes.com/?type=sc&ts=1418363845&from=wpm12123&uid=ST3500418AS_5VMJKXMYXXXX5VMJKXMY
R2 MaintainerSvc2.70.0190075; C:\ProgramData\ba8b7bf6-f41d-4bf7-9c04-dc3b18bfb4fb\maintainer.exe [123688 2015-01-11] ()
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485888 2014-12-10] (Fuyu LIMITED) [File not signed]
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [425136 2014-11-26] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
R2 YTDUpdt; C:\Program Files (x86)\YTDownloader\YTDUpdater.exe [178688 2014-12-17] (Goobzo) [File not signed]
S2 Update Dolphin Deals; "C:\Program Files (x86)\Dolphin Deals\updateDolphinDeals.exe" [X]
S2 Util Dolphin Deals; "C:\Program Files (x86)\Dolphin Deals\bin\utilDolphinDeals.exe" [X]
S3 TBPanel; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gfiark; system32\drivers\gfiark.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
S1 {3486b041-6233-4c74-a2df-4357bf9704fe}w64; system32\drivers\{3486b041-6233-4c74-a2df-4357bf9704fe}w64.sys [X]
S1 {b0de24ee-22f8-4ccd-8f9f-adc01a555f9d}w64; system32\drivers\{b0de24ee-22f8-4ccd-8f9f-adc01a555f9d}w64.sys [X]
S1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64; system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64.sys [X]
NETSVC: s7oppitx -> No ServiceDLL Path.
NETSVC: de_serv -> No ServiceDLL Path.
NETSVC: sit_bus -> No ServiceDLL Path.
NETSVC: EPSON_EB_RPCV4_01 -> No ServiceDLL Path.
NETSVC: plsremotesvc -> No ServiceDLL Path.
NETSVC: tunnelguardservice -> No ServiceDLL Path.
NETSVC: FireTDI -> No ServiceDLL Path.
NETSVC: vaiomediaplatform-mobile-gateway -> No ServiceDLL Path.
NETSVC: mwssched -> No ServiceDLL Path.
NETSVC: F700iat -> No ServiceDLL Path.
NETSVC: https-nassry -> No ServiceDLL Path.
NETSVC: cpqdmi -> No ServiceDLL Path.
2015-01-10 00:42 - 2015-01-10 00:42 - 00000000 ____D () C:\Users\Dawid\AppData\Roaming\gnmlomvt
2015-01-04 12:57 - 2015-01-04 12:57 - 01330664 _____ (Object Browser) C:\Users\Dawid\AppData\Roaming\FCG.exe
2015-01-04 12:56 - 2015-01-05 07:03 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-01-04 12:56 - 2015-01-04 20:02 - 00000000 ____D () C:\Program Files (x86)\29971fa6-24a8-4963-95e1-a01bd48299b3
2015-01-04 12:56 - 2015-01-04 12:56 - 01965032 _____ (Object Browser) C:\Users\Dawid\AppData\Roaming\ZFUE.exe
C:\Users\Dawid\AppData\Roaming\*.exe
2015-01-04 12:56 - 2015-01-04 12:56 - 00000000 ____D () C:\Users\Dawid\AppData\Local\globalUpdate
2015-01-04 12:55 - 2015-01-04 20:02 - 00000000 ____D () C:\Program Files (x86)\YTDownloader
2015-01-04 12:55 - 2015-01-04 12:55 - 00003734 _____ () C:\Windows\System32\Tasks\SMupdate1
2015-01-04 12:55 - 2015-01-04 12:55 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-12-20 22:44 - 2014-12-20 22:44 - 00000000 ____D () C:\Users\Dawid\AppData\Roaming\eCyber
2015-01-11 12:28 - 2014-10-31 10:33 - 00000000 ____D () C:\ProgramData\ba8b7bf6-f41d-4bf7-9c04-dc3b18bfb4fb
2015-01-10 21:02 - 2014-02-26 16:59 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2015-01-10 01:10 - 2011-12-07 16:26 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-12-12 06:57 - 2014-08-24 12:53 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
Task: {4151F47C-A1DA-4944-A7C5-0CB9C21B3BB9} - System32\Tasks\{7BD85F85-A824-47E5-8EE1-EBF428005D58} => pcalua.exe -a C:\Users\Dawid\AppData\Roaming\Uninstal.exe
Task: {51589083-34D1-4BCB-95B7-300A58D24CE2} - System32\Tasks\{E83E58B6-DF51-4AF7-98E3-E42F9893C892} => pcalua.exe -a C:\ProgramData\{2A082487-0FFF-4FD5-BE3C-DE59C1ECC4E0}\NFSU2_PL.exe -c REMOVE=TRUE MODIFY=FALSE
Task: {551BC200-8137-4E85-80D9-1151A45D3E26} - System32\Tasks\{DBBF3217-9848-4BBB-995B-3077AFC04626} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
Task: {6538EE45-A1D3-4E9B-85F9-E23945F5E953} - System32\Tasks\{0A8A34E3-96B7-44D3-BE8E-7F21C23D376C} => pcalua.exe -a C:\Users\Dawid\Downloads\PowerPoint-Viewer(12204).exe -d C:\Users\Dawid\Downloads
Task: {837E1CAB-62C9-401D-883D-322D8048DD3C} - System32\Tasks\{8B9531BC-DD68-4F87-A063-8DC19AECF0C0} => pcalua.exe -a D:\autorun.exe -d D:\
Task: {83F3F8C2-4FA1-44FF-8BC4-892BDAADAAF1} - System32\Tasks\{86433751-3819-43A1-8589-A18854DAD3FC} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {92FF5D8A-9E07-4ACF-9B0F-3C1B9B5CF6E0} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {9798C247-405B-4144-98B6-F95020A406F8} - System32\Tasks\{88AC3E24-F1D6-4D5C-BD8A-C1D3B2D2BD5C} => pcalua.exe -a C:\Users\Dawid\Desktop\ComboFix.exe -d C:\Users\Dawid\Desktop
Task: {97D86BBB-CCB5-43CE-8764-32ECBDEAF4C2} - System32\Tasks\{7CB1E3E3-D9A3-42D6-973D-2BA3C7F6E488} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {99081B4C-E87A-4807-99F8-D4EAFED43E68} - System32\Tasks\{87700A51-7577-4E65-AD4B-3E74D4987DFC} => pcalua.exe -a C:\Users\Dawid\Downloads\SpyHunter-Installer(1).exe -d C:\Users\Dawid\Downloads
Task: {AF18941E-C229-4C7E-87A9-1769FF305ACE} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {B99DF146-6260-41BC-B823-FA97ABF836A7} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {CF298D7D-C79C-4423-9D3B-EB44E4EF6B60} - System32\Tasks\{EE5DE03F-48CF-4C6A-9FB3-4CAC73A54908} => pcalua.exe -a D:\setup.exe -d D:\
Task: {ED9B1CC1-7FD3-496B-9FA4-FC657EB108C0} - System32\Tasks\{A10FAED9-7D8F-43C4-8C70-75D2C9C7312A} => pcalua.exe -a C:\Users\Dawid\AppData\Local\Temp\Temp1_Dirt_1_2.zip\DiRt_1_2.exe
Task: {FABEE153-6DA0-46B2-9F92-C167B251329C} - System32\Tasks\{D6A846FA-5E65-4BCA-B9ED-AA1A0E07144A} => pcalua.exe -a "C:\gry\asasasssdsadasdfrfghykip;\MegaTrainer XL\MegaTrainerXL.exe" -d "C:\gry\asasasssdsadasdfrfghykip;\MegaTrainer XL"
2014-10-30 23:55 - 2015-01-11 12:28 - 00123688 _____ () C:\ProgramData\ba8b7bf6-f41d-4bf7-9c04-dc3b18bfb4fb\maintainer.exe
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:64217CD0
AlternateDataStreams: C:\ProgramData\TEMP:C5831B98
AlternateDataStreams: C:\Users\Dawid\Dane aplikacji:NT
AlternateDataStreams: C:\Users\Dawid\Dane aplikacji:NT2
AlternateDataStreams: C:\Users\Dawid\Downloads\ShakesandFidgetGenerator32__11424_il1864083 (1).exe:typelib
AlternateDataStreams: C:\Users\Dawid\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Dawid\AppData\Roaming:NT2
HKU\S-1-5-21-2531227257-3890973931-1995647330-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-2531227257-3890973931-1995647330-1000\Software\Classes\exefile:  <===== ATTENTION!
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gdnkinlfhafbhipaojiinglfepphmehd\2.1\N.js
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gdnkinlfhafbhipaojiinglfepphmehd\2.1\U.js
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gdnkinlfhafbhipaojiinglfepphmehd\2.1\N.js
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gdnkinlfhafbhipaojiinglfepphmehd\2.1\U.js
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkinlfhafbhipaojiinglfepphmehd\2.1\N.js
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkinlfhafbhipaojiinglfepphmehd\2.1\U.js
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gdnkinlfhafbhipaojiinglfepphmehd\2.1\N.js
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gdnkinlfhafbhipaojiinglfepphmehd\2.1\U.js
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\gdnkinlfhafbhipaojiinglfepphmehd\2.1\N.js
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\gdnkinlfhafbhipaojiinglfepphmehd\2.1\U.js
EmptyTemp: 
WARNING!

THIS FIX IS INTENDED ONLY FOR THIS USER. RUNNING THE FIX WITHOUT BEING INSTRUCTED TO MAY DAMAGE THE SYSTEM.

Save the file, open FRST and click Fix. After the computer restarts, generate new FRST logs and provide the generated fixlog.
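An added example (not part of the original post and not FRST code): a read-only Python sketch that summarizes a fixlist before it is run, showing which kinds of entries it touches, which hosts appear in the browser settings, and which account SID and profile name it is tied to, which is why a fix written for one machine should not be run on another. The function names, category labels and sample lines are assumptions made for the example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the shape of the fixlist above; the SID, user name,
# paths and hosts are placeholders, not values from the thread.
SAMPLE = r"""CloseProcesses:
C:\ProgramData\ExampleUpdater
HKLM\...\Run: [Example] => C:\Program Files\Example\example.exe
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hijack.example/?type=hp
SearchScopes: HKLM-x32 -> {00000000-0000-0000-0000-000000000000} URL = http://search.hijack.example/?q={searchTerms}
FF Homepage: hxxp://www.hijack.example/?type=hp
CHR Extension: (Example) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [2015-01-01]
R2 examplesvc; C:\Program Files (x86)\Example\svc.exe [1000 2015-01-01] () [File not signed]
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleUpdate => Rundll32.exe C:\Example\x.dll <==== ATTENTION
2015-01-01 12:00 - 2015-01-01 12:00 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\example
EmptyTemp:
"""

# Category labels are this example's own grouping of the line prefixes
# visible in the fixlist; the first matching rule wins.
RULES = [
    ("directive", re.compile(r"^(CloseProcesses|EmptyTemp):\s*$")),
    ("scheduled task", re.compile(r"^Task:")),
    ("service/driver", re.compile(r"^[RS]\d ")),
    ("IE add-on/search", re.compile(r"^(BHO|Toolbar|SearchScopes|URLSearchHook)")),
    ("Firefox", re.compile(r"^FF ")),
    ("Chrome", re.compile(r"^CHR ")),
    ("registry", re.compile(r"^(HKLM|HKU)")),
    ("file/folder", re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d - |[A-Za-z]:\\)")),
]
SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")
USER_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\\s]+)")
URL_RE = re.compile(r"h(?:tt|xx)ps?://\S+")

def entries(text):
    """Non-empty fixlist lines, stripped of surrounding whitespace."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]

def classify(line):
    return next((name for name, rx in RULES if rx.search(line)), "other")

def summarize(text):
    """Count fixlist entries per category."""
    return Counter(classify(ln) for ln in entries(text))

def hosts(text):
    """Distinct hosts in URL values; defanged hxxp:// is read as http://."""
    urls = (u.replace("hxxp", "http", 1) for u in URL_RE.findall(text))
    return sorted({h for u in urls if (h := urlsplit(u).hostname)})

def bindings(text):
    """Account SIDs and profile names the entries are tied to."""
    return sorted(set(SID_RE.findall(text))), sorted(set(USER_RE.findall(text)))

def flagged(text):
    """Entries carrying the markers that appear in the log lines themselves."""
    return [ln for ln in entries(text)
            if "ATTENTION" in ln or "[File not signed]" in ln]

if __name__ == "__main__":
    print(dict(summarize(SAMPLE)), hosts(SAMPLE), bindings(SAMPLE), sep="\n")
```

Comparing the SIDs and profile names it reports with those of the local account is a quick way to confirm a fixlist was written for the machine it is about to be run on.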

Archived

This topic is now in the archive. Adding new replies has been disabled.
