
CPU usage 100% ;x

mentos-173 20 Jun 2013 15:02 2880 19
  • #1
    mentos-173
    Level 9  
    Hello.
    I have a problem and I think you can help me with it: as soon as I start the computer, CPU usage is immediately at 100%. I am monitoring this with Advanced SystemCare.
    What should I do, and how, to make it better?
    Formatting is out of the question because I have too many files etc. on the computer.
    Please help, I am a complete novice at this.
  • #3
    Kolobos
    IT specialist
    Attach both OTL logs and a screenshot from Process Explorer.
  • #4
    mentos-173
    Level 9  
    Computer configuration, meaning what? I don't get it ;x
    CPU usage 100% ;x
    It would be best if someone knowledgeable contacted me on GG - 33967015, that would be the quickest.
  • #5
    Kolobos
    IT specialist
    It is clear that your system is infected. I am waiting for the OTL logs. On Google you will find detailed instructions on how to use OTL and which options to change.

    Also use AdwCleaner, the Delete option.
  • #6
    mentos-173
    Level 9  
    Do these OTL logs take long to generate? Because OTL has been scanning and scanning and scanning for a good 15 minutes ;x
  • #7
    Kolobos
    IT specialist
    It may have hung. Wait another 10-20 minutes; if the scan does not finish, close it and try scanning in safe mode. Before scanning, use AdwCleaner, and also run a scan with mbam and cureit.
  • #9
    Kolobos
    IT specialist
    Uninstall:
    IObit Apps Toolbar v7.2
    Adobe Reader 9.5.5 - Polish, switch to Foxit: http://ninite.com/foxit/
    Delta toolbar
    IObit Malware Fighter
    Advanced SystemCare 6

    Use AdwCleaner, the Delete option, if you have not done so already.

    Run the script in OTL:

    :OTL
    PRC - [2013-06-07 18:28:06 | 001,302,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    PRC - [2013-06-07 17:10:22 | 000,806,776 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
    SRV - [2013-06-07 17:10:22 | 000,806,776 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.qvo6.com/web/?utm_source=b&utm_...=WDCXWD800BB-88JHC0_WD-WMAM9D77658176581&ts=0
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qvo6.com/web/?utm_source=b&utm_...=WDCXWD800BB-88JHC0_WD-WMAM9D77658176581&ts=0
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=...0BB-88JHC0_WD-WMAM9D77658176581&ts=1368202190
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=121845&tt=gc_&babsrc=HP_ss_din2g&mntrId=683D00138F7A9593
    IE - HKCU\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {6560D8A5-B7CA-425E-A020-D87266637F79}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&affID=121845&tt=gc_&babsrc=SP_ss&mntrId=683D00138F7A9593
    IE - HKCU\..\SearchScopes\{6560D8A5-B7CA-425E-A020-D87266637F79}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
    FF - prefs.js..browser.search.order.1: "Delta Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www1.delta-search.com/?affID=121845&tt=gc_&babsrc=HP_ss&mntrId=683D00138F7A9593"
    FF - prefs.js..extensions.enabledAddons: amo%40dealplyshopping.com:2.0
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
    [2013-05-10 18:06:20 | 000,000,000 | ---D | M] (DealPly Shopping) -- C:\Documents and Settings\Adam Ornowski\Application Data\mozilla\Firefox\Profiles\g8idsmhb.default\extensions\amo@dealplyshopping.com
    [2013-05-29 18:53:59 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Documents and Settings\Adam Ornowski\Application Data\mozilla\Firefox\Profiles\g8idsmhb.default\extensions\ascsurfingprotection@iobit.com
    [2013-05-22 19:53:22 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Documents and Settings\Adam Ornowski\Application Data\mozilla\Firefox\Profiles\g8idsmhb.default\extensions\ffxtlbr@delta.com
    [2013-05-22 19:50:43 | 000,006,505 | ---- | M] () -- C:\Documents and Settings\Adam Ornowski\Application Data\mozilla\firefox\profiles\g8idsmhb.default\searchplugins\babylon.xml
    [2013-05-22 19:50:43 | 000,006,505 | ---- | M] () -- C:\Documents and Settings\Adam Ornowski\Application Data\mozilla\firefox\profiles\g8idsmhb.default\searchplugins\BrowserProtect.xml
    [2013-05-22 19:53:27 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\Adam Ornowski\Application Data\mozilla\firefox\profiles\g8idsmhb.default\searchplugins\delta.xml
    [2013-06-15 22:09:02 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\Adam Ornowski\Application Data\mozilla\firefox\profiles\g8idsmhb.default\searchplugins\yahoo.xml
    [2013-06-15 22:09:08 | 000,000,000 | ---D | M] (IObit Apps Toolbar) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
    O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
    O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
    O2 - BHO: (no name) - {EF7BD87A-8024-11E2-F316-F3E56188709B} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
    O4 - HKLM..\Run: [Bron-Spizaetus] File not found
    O4 - HKLM..\Run: [Bron-Spizaetus-cjhnltrt] C:\WINDOWS\ShellNew\bbm-trtlnhjc.exe ()
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKCU..\Run: [Tok-Cirrhatus] File not found
    O4 - HKCU..\Run: [Tok-Cirrhatus-3840] C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\br8703on.exe ()
    O4 - Startup: C:\Documents and Settings\Adam Ornowski\Start Menu\Programs\Startup\Empty.pif ()
    O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\sembako-cjzjlnh.exe") - C:\WINDOWS\sembako-cjzjlnh.exe ()
    O31 - SafeBoot: AlternateShell - cmd-bro-nlx.exe
    [2013-06-19 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-19
    [2013-06-15 22:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Apps Toolbar
    [2013-06-15 22:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
    [2013-06-15 22:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Application Data\File Scout
    [2013-06-13 06:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-13
    [2013-06-12 12:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-12
    [2013-06-11 01:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-11
    [2013-06-10 15:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-10
    [2013-06-09 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-9
    [2013-06-08 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-8
    [2013-06-07 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-7
    [2013-06-06 02:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-6
    [2013-06-04 17:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-4
    [2013-06-03 00:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-3
    [2013-06-02 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-2
    [2013-06-01 09:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-1
    [2013-05-31 11:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-31
    [2013-05-29 18:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Application Data\Search Settings
    [2013-05-29 18:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
    [2013-05-29 10:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-29
    [2013-05-28 16:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-28
    [2013-05-27 16:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-27
    [2013-05-26 12:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-26
    [2013-05-25 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-25
    [2013-05-24 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-24
    [2013-05-22 19:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect
    [2013-05-22 19:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
    [2013-05-22 19:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Application Data\Delta
    [2013-05-22 19:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2013-05-15 17:43:31 | 000,005,325 | ---- | C] () -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\JunkAtx18.bin
    [2013-05-15 17:33:02 | 000,000,010 | RHS- | C] () -- C:\WINDOWS\System32\sistem.sys
    [2011-12-30 13:42:35 | 000,045,427 | -H-- | C] () -- C:\WINDOWS\sembako-cjzjlnh.exe
    [2011-12-30 13:42:35 | 000,045,427 | ---- | C] () -- C:\WINDOWS\System32\DXBLCY.exe
    [2011-12-30 13:42:35 | 000,045,427 | ---- | C] () -- C:\WINDOWS\System32\cmd-bro-nlx.exe
    [2013-05-10 18:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Ornowski\Application Data\337
    [2013-05-22 19:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Ornowski\Application Data\BabSolution
    [2013-05-10 20:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Ornowski\Application Data\Babylon
    [2013-05-10 18:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Ornowski\Application Data\DealPly
    [2013-05-22 19:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Ornowski\Application Data\Delta
    [2013-05-10 18:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Ornowski\Application Data\Desk 365
    [2013-05-10 18:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Ornowski\Application Data\eDownload
    [2013-05-10 18:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Ornowski\Application Data\eIntaller
    [2013-06-15 22:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Ornowski\Application Data\File Scout
    [2013-06-15 22:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Ornowski\Application Data\Search Settings
    [2013-05-10 20:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2013-06-04 17:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect
    [2013-06-20 14:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer

    :Files
    C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\*.exe


    After running it, post a new OTL log from a scan.
  • #10
    mentos-173
    Level 9  
    I have a problem with AdwCleaner and, for example, CCleaner: when I try to download or run it, my computer restarts ;x
  • #11
    Kolobos
    IT specialist
    Try downloading it after running the script.
  • #13
    Kolobos
    IT specialist
    Did you use AdwCleaner in the end?

    In Chrome, remove the add-ons:
    Domain Error Assistant
    Amazon Shopping Assistant by Spigot
    Slick Savings
    Ebay Shopping Assistant by Spigot

    Also change the search engine to Google.

    Run the script in OTL:

    :OTL
    DRV - File not found [Kernel | Disabled | Running] -- C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
    DRV - File not found [Kernel | Disabled | Running] -- C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys -- (RegFilter)
    O4 - HKLM..\Run: [Bron-Spizaetus] File not found
    O4 - HKLM..\Run: [Bron-Spizaetus-cjhnltrt] C:\WINDOWS\ShellNew\bbm-trtlnhjc.exe ()
    O4 - HKCU..\Run: [Tok-Cirrhatus] File not found
    O4 - HKCU..\Run: [Tok-Cirrhatus-3840] "C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\br8703on.exe" File not found
    O4 - Startup: C:\Documents and Settings\Adam Ornowski\Start Menu\Programs\Startup\Empty.pif ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools =
    O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\sembako-cjzjlnh.exe") - C:\WINDOWS\sembako-cjzjlnh.exe ()
    O31 - SafeBoot: AlternateShell - cmd-bro-nlx.exe
    [2013-06-19 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-19
    [2013-06-15 22:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Application Data\File Scout
    [2013-06-13 06:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-13
    [2013-06-12 12:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-12
    [2013-06-11 01:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-11
    [2013-06-10 15:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-10
    [2013-06-09 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-9
    [2013-06-08 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-8
    [2013-06-07 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-7
    [2013-06-06 02:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-6
    [2013-06-04 17:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-4
    [2013-06-03 00:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-3
    [2013-06-02 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-2
    [2013-06-01 09:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-1
    [2013-05-31 18:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Downloaded Installations
    [2013-05-31 11:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-31
    [2013-05-29 18:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
    [2013-05-29 18:53:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Application Data\IObit
    [2013-05-29 10:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-29
    [2013-05-28 16:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-28
    [2013-05-27 16:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-27
    [2013-05-26 12:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-26
    [2013-05-25 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-25
    [2013-05-24 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-24
    [2013-05-22 19:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2013-12-18 19:06:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\DealPlyUpdate.job
    [2013-05-15 17:43:31 | 000,005,325 | ---- | C] () -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\JunkAtx18.bin
    [2013-05-15 17:33:02 | 000,000,010 | RHS- | C] () -- C:\WINDOWS\System32\sistem.sys
    [2011-12-30 13:42:35 | 000,045,427 | -H-- | C] () -- C:\WINDOWS\sembako-cjzjlnh.exe
    [2011-12-30 13:42:35 | 000,045,427 | ---- | C] () -- C:\WINDOWS\System32\DXBLCY.exe
    [2011-12-30 13:42:35 | 000,045,427 | ---- | C] () -- C:\WINDOWS\System32\cmd-bro-nlx.exe

    After running it, post the log from the run and a new scan log.

    Also run a scan with mbam and cureit!
  • #14
    mentos-173
    Level 9  
    When I loaded this script, this popped up:

    Error: Unable to interpret <DRV - File not found [Kernel | Disabled | Running] -- C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys -- (UrlFilter) > in the current context!
    Error: Unable to interpret <DRV - File not found [Kernel | Disabled | Running] -- C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys -- (RegFilter) > in the current context!
    Error: Unable to interpret <O4 - HKLM..\Run: [Bron-Spizaetus] File not found > in the current context!
    Error: Unable to interpret <O4 - HKLM..\Run: [Bron-Spizaetus-cjhnltrt] C:\WINDOWS\ShellNew\bbm-trtlnhjc.exe () > in the current context!
    Error: Unable to interpret <O4 - HKCU..\Run: [Tok-Cirrhatus] File not found > in the current context!
    Error: Unable to interpret <O4 - HKCU..\Run: [Tok-Cirrhatus-3840] "C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\br8703on.exe" File not found > in the current context!
    Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\Adam Ornowski\Start Menu\Programs\Startup\Empty.pif () > in the current context!
    Error: Unable to interpret <O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1 > in the current context!
    Error: Unable to interpret <O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = > in the current context!
    Error: Unable to interpret <O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\sembako-cjzjlnh.exe") - C:\WINDOWS\sembako-cjzjlnh.exe () > in the current context!
    Error: Unable to interpret <O31 - SafeBoot: AlternateShell - cmd-bro-nlx.exe > in the current context!
    Error: Unable to interpret <[2013-06-19 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-19 > in the current context!
    Error: Unable to interpret <[2013-06-15 22:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Application Data\File Scout > in the current context!
    Error: Unable to interpret <[2013-06-13 06:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-13 > in the current context!
    Error: Unable to interpret <[2013-06-12 12:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-12 > in the current context!
    Error: Unable to interpret <[2013-06-11 01:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-11 > in the current context!
    Error: Unable to interpret <[2013-06-10 15:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-10 > in the current context!
    Error: Unable to interpret <[2013-06-09 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-9 > in the current context!
    Error: Unable to interpret <[2013-06-08 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-8 > in the current context!
    Error: Unable to interpret <[2013-06-07 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-7 > in the current context!
    Error: Unable to interpret <[2013-06-06 02:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-6 > in the current context!
    Error: Unable to interpret <[2013-06-04 17:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-4 > in the current context!
    Error: Unable to interpret <[2013-06-03 00:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-3 > in the current context!
    Error: Unable to interpret <[2013-06-02 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-2 > in the current context!
    Error: Unable to interpret <[2013-06-01 09:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-1 > in the current context!
    Error: Unable to interpret <[2013-05-31 18:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Downloaded Installations > in the current context!
    Error: Unable to interpret <[2013-05-31 11:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-31 > in the current context!
    Error: Unable to interpret <[2013-05-29 18:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot > in the current context!
    Error: Unable to interpret <[2013-05-29 18:53:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Application Data\IObit > in the current context!
    Error: Unable to interpret <[2013-05-29 10:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-29 > in the current context!
    Error: Unable to interpret <[2013-05-28 16:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-28 > in the current context!
    Error: Unable to interpret <[2013-05-27 16:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-27 > in the current context!
    Error: Unable to interpret <[2013-05-26 12:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-26 > in the current context!
    Error: Unable to interpret <[2013-05-25 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-25 > in the current context!
    Error: Unable to interpret <[2013-05-24 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-24 > in the current context!
    Error: Unable to interpret <[2013-05-22 19:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer > in the current context!
    Error: Unable to interpret <[2013-12-18 19:06:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\DealPlyUpdate.job > in the current context!
    Error: Unable to interpret <[2013-05-15 17:43:31 | 000,005,325 | ---- | C] () -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\JunkAtx18.bin > in the current context!
    Error: Unable to interpret <[2013-05-15 17:33:02 | 000,000,010 | RHS- | C] () -- C:\WINDOWS\System32\sistem.sys > in the current context!
    Error: Unable to interpret <[2011-12-30 13:42:35 | 000,045,427 | -H-- | C] () -- C:\WINDOWS\sembako-cjzjlnh.exe > in the current context!
    Error: Unable to interpret <[2011-12-30 13:42:35 | 000,045,427 | ---- | C] () -- C:\WINDOWS\System32\DXBLCY.exe > in the current context!
    Error: Unable to interpret <[2011-12-30 13:42:35 | 000,045,427 | ---- | C] () -- C:\WINDOWS\System32\cmd-bro-nlx.exe > in the current context!

    OTL by OldTimer - Version 3.2.69.0 log created on 06212013_130622
  • #15
    Kolobos
    IT specialist
    Can't you see that the script starts with :OTL and you copied it incorrectly?! Run it again...
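
The failure in posts #14 and #15 (a fix script pasted without its `:OTL` first line, so every line is rejected with "Unable to interpret ... in the current context") can be caught before the script is run. The Python below is an added example, not part of the thread and not OTL's own code: the function names and the two line patterns are assumptions derived only from the script lines shown on this page, and the sample input is an excerpt of those lines.

```python
import re

# Section directives that appear in this thread's scripts. Anything else is
# reported for review rather than assumed to be valid or invalid.
KNOWN_DIRECTIVES = (":OTL", ":Files")

# Line shapes seen inside the thread's :OTL sections (assumed patterns):
#   "O4 - ...", "DRV - ...", "IE - ..."   -> tagged scan items
#   "[date time | size | attrs | C/M] ..." -> file or folder entries
ITEM_RE = re.compile(r"^(PRC|SRV|DRV|IE|FF|O\d{1,2}) - ")
FILE_RE = re.compile(
    r"^\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| [A-Z-]{4} \| [CM]\] "
)

# Tags in the thread that refer to autostart locations: Run keys and the
# Startup folder (O4), Winlogon Shell (O20), SafeBoot AlternateShell (O31).
AUTOSTART_TAGS = ("O4", "O20", "O31")

# Excerpt of the script from post #13, copied from the page.
GOOD_SCRIPT = r'''
:OTL
O4 - HKLM..\Run: [Bron-Spizaetus] File not found
O4 - HKLM..\Run: [Bron-Spizaetus-cjhnltrt] C:\WINDOWS\ShellNew\bbm-trtlnhjc.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\sembako-cjzjlnh.exe") - C:\WINDOWS\sembako-cjzjlnh.exe ()
O31 - SafeBoot: AlternateShell - cmd-bro-nlx.exe
[2013-05-15 17:33:02 | 000,000,010 | RHS- | C] () -- C:\WINDOWS\System32\sistem.sys
[2011-12-30 13:42:35 | 000,045,427 | ---- | C] () -- C:\WINDOWS\System32\cmd-bro-nlx.exe
'''

# The same excerpt with the first line dropped, as it was pasted in post #14.
PASTED_WITHOUT_HEADER = "\n".join(GOOD_SCRIPT.strip().splitlines()[1:])


def check_fix_script(text):
    """Split a fix script into sections and report lines that need attention.

    Returns (sections, orphans, unknown):
      sections - dict mapping each directive to the lines under it
      orphans  - lines that appear before any directive (the post #14 case)
      unknown  - unrecognised directives, or :OTL lines matching neither shape
    """
    sections, orphans, unknown = {}, [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line
            sections.setdefault(current, [])
            if current not in KNOWN_DIRECTIVES:
                unknown.append(line)
            continue
        if current is None:
            orphans.append(line)
            continue
        if current == ":OTL" and not (ITEM_RE.match(line) or FILE_RE.match(line)):
            unknown.append(line)
        sections[current].append(line)
    return sections, orphans, unknown


def autostart_entries(sections):
    """Return the :OTL lines whose tag names an autostart location."""
    found = []
    for line in sections.get(":OTL", []):
        tag = line.split(" - ", 1)[0]
        if tag in AUTOSTART_TAGS:
            found.append(line)
    return found


def ready_to_run(text):
    """True only when every line sits under a directive and is recognised."""
    sections, orphans, unknown = check_fix_script(text)
    return bool(sections) and not orphans and not unknown


if __name__ == "__main__":
    for name, script in (("with :OTL header", GOOD_SCRIPT),
                         ("header dropped", PASTED_WITHOUT_HEADER)):
        sections, orphans, unknown = check_fix_script(script)
        print(f"{name}: ready={ready_to_run(script)} "
              f"orphans={len(orphans)} unknown={len(unknown)} "
              f"autostart={len(autostart_entries(sections))}")
```
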
  • #16
    mentos-173
    Level 9  
    Okay, now it gave this:

    ========== OTL ==========
    Error: No service named UrlFilter was found to stop!
    Service\Driver key UrlFilter not found.
    File C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys not found.
    Error: No service named RegFilter was found to stop!
    Service\Driver key RegFilter not found.
    File C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bron-Spizaetus deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bron-Spizaetus-cjhnltrt deleted successfully.
    C:\WINDOWS\ShellNew\bbm-trtlnhjc.exe moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus-3840 deleted successfully.
    File C:\Documents and Settings\Adam Ornowski\Start Menu\Programs\Startup\Empty.pif not found.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\WINDOWS\sembako-cjzjlnh.exe" deleted successfully.
    C:\WINDOWS\sembako-cjzjlnh.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
    Folder C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-19\ not found.
    Folder C:\Documents and Settings\Adam Ornowski\Application Data\File Scout\ not found.
    Folder C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-13\ not found.
    Folder C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-12\ not found.
    Folder C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-11\ not found.
    Folder C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-10\ not found.
    Folder C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-9\ not found.
    Folder C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-8\ not found.
    Folder C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-7\ not found.
    Folder C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-6\ not found.
    C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-4 folder moved successfully.
    C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-3 folder moved successfully.
    C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-2 folder moved successfully.
    C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-1 folder moved successfully.
    C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Downloaded Installations folder moved successfully.
    C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-31 folder moved successfully.
    C:\Program Files\Common Files\Spigot\GC folder moved successfully.
    C:\Program Files\Common Files\Spigot folder moved successfully.
    C:\Documents and Settings\Adam Ornowski\Application Data\IObit\Smart Defrag 2 folder moved successfully.
    C:\Documents and Settings\Adam Ornowski\Application Data\IObit\IObit Uninstaller folder moved successfully.
    C:\Documents and Settings\Adam Ornowski\Application Data\IObit\IObit Malware Fighter folder moved successfully.
    C:\Documents and Settings\Adam Ornowski\Application Data\IObit\Advanced SystemCare V6\Log folder moved successfully.
    C:\Documents and Settings\Adam Ornowski\Application Data\IObit\Advanced SystemCare V6\Internet Booster folder moved successfully.
    C:\Documents and Settings\Adam Ornowski\Application Data\IObit\Advanced SystemCare V6\Boottime folder moved successfully.
    C:\Documents and Settings\Adam Ornowski\Application Data\IObit\Advanced SystemCare V6\Backup folder moved successfully.
    C:\Documents and Settings\Adam Ornowski\Application Data\IObit\Advanced SystemCare V6 folder moved successfully.
    C:\Documents and Settings\Adam Ornowski\Application Data\IObit folder moved successfully.
    C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-29 folder moved successfully.
    C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-28 folder moved successfully.
    C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-27 folder moved successfully.
    C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-26 folder moved successfully.
    C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-25 folder moved successfully.
    C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Bron.tok-18-24 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Tarma Installer folder moved successfully.
    C:\WINDOWS\tasks\DealPlyUpdate.job moved successfully.
    C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\JunkAtx18.bin moved successfully.
    C:\WINDOWS\System32\sistem.sys moved successfully.
    C:\WINDOWS\sembako-cjzjlnh.exe moved successfully.
    C:\WINDOWS\System32\DXBLCY.exe moved successfully.
    C:\WINDOWS\System32\cmd-bro-nlx.exe moved successfully.

    OTL by OldTimer - Version 3.2.69.0 log created on 06212013_134025

    I've been running a quick scan with mbam for 40 minutes and so far it shows 21 threats.
  • #17
    Kolobos
    IT specialist
    Once you're done, post a new OTL scan log.
  • #18
    mentos-173
    Level 9  
    I ran the mbam scan to the end and removed the viruses, but now when I start the computer a message pops up saying that some file is missing... I'm attaching the mbam scan report and the OTL logs:

    I installed AdwCleaner, ran the Delete option, and after the restart I got this report:

    # AdwCleaner v2.303 - Logfile created 06/22/2013 at 11:08:08
    # Updated 08/06/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Adam Ornowski - KOMP-B8739174DE
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Adam Ornowski\My Documents\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\DOCUME~1\ADAMOR~1\LOCALS~1\Temp\Desk365
    Folder Deleted : C:\Documents and Settings\Adam Ornowski\Application Data\337
    Folder Deleted : C:\Documents and Settings\Adam Ornowski\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\Adam Ornowski\Application Data\DealPly
    Folder Deleted : C:\Documents and Settings\Adam Ornowski\Application Data\Desk 365
    Folder Deleted : C:\Documents and Settings\Adam Ornowski\Application Data\eDownload
    Folder Deleted : C:\Documents and Settings\Adam Ornowski\Application Data\eIntaller
    Folder Deleted : C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\lollipop
    Folder Deleted : C:\Documents and Settings\Adam Ornowski\Start Menu\Programs\DealPly
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\eSafe
    Folder Deleted : C:\Program Files\Common Files\337
    Folder Deleted : C:\Program Files\Desk 365

    ***** [Registry] *****

    Key Deleted : HKCU\Software\5dedd8dbc6fec45
    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKCU\Software\BabSolution
    Key Deleted : HKCU\Software\BI
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\DealPly
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\lollipop
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF7BD87A-8024-11E2-F316-F3E56188709B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
    Key Deleted : HKLM\SOFTWARE\5dedd8dbc6fec45
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\DealPly
    Key Deleted : HKLM\Software\Desksvc
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\Software\qvo6Software
    Key Deleted : HKLM\Software\Tarma Installer
    Key Deleted : HKLM\Software\V9

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www1.delta-search.com/?affID=121845&tt=gc_&babsrc=NT_ss&mntrId=683D00138F7A9593 --> hxxp://www.google.com

    -\\ Mozilla Firefox v20.0.1 (pl)

    File : C:\Documents and Settings\Adam Ornowski\Application Data\Mozilla\Firefox\Profiles\g8idsmhb.default\prefs.js

    C:\Documents and Settings\Adam Ornowski\Application Data\Mozilla\Firefox\Profiles\g8idsmhb.default\user.js ... Deleted !

    Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    Deleted : user_pref("extensions.delta.admin", false);
    Deleted : user_pref("extensions.delta.aflt", "babsst");
    Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
    Deleted : user_pref("extensions.delta.autoRvrt", "false");
    Deleted : user_pref("extensions.delta.dfltLng", "en");
    Deleted : user_pref("extensions.delta.excTlbr", false);
    Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
    Deleted : user_pref("extensions.delta.id", "683d8c0400000000000000138f7a9593");
    Deleted : user_pref("extensions.delta.instlDay", "15835");
    Deleted : user_pref("extensions.delta.instlRef", "sst");
    Deleted : user_pref("extensions.delta.newTab", false);
    Deleted : user_pref("extensions.delta.prdct", "delta");
    Deleted : user_pref("extensions.delta.prtnrId", "delta");
    Deleted : user_pref("extensions.delta.rvrt", "false");
    Deleted : user_pref("extensions.delta.smplGrp", "none");
    Deleted : user_pref("extensions.delta.tlbrId", "base");
    Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
    Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
    Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");
    Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1620:02:04");

    -\\ Google Chrome v27.0.1453.116

    File : C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [7436 octets] - [22/06/2013 11:08:08]

    ########## EOF - C:\AdwCleaner[S1].txt - [7496 octets] ##########
  • #19
    Kolobos
    IT specialist
    Remove what mbam detected.


    Uninstall:
    AVG SafeGuard toolbar

    Run this script in OTL:

    :OTL
    O4 - HKLM..\Run: [Bron-Spizaetus-ckijlpsw] "C:\WINDOWS\ShellNew\bbm-wspljikc.exe" File not found
    O4 - HKCU..\Run: [Tok-Cirrhatus] File not found
    O4 - HKCU..\Run: [Tok-Cirrhatus-3840] "C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\br8703on.exe" File not found
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\sembako-cjzjlnh.exe") - File not found
    O31 - SafeBoot: AlternateShell - cmd-bro-nlx.exe
    [2013-06-20 18:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Ornowski\Application Data\AVG SafeGuard toolbar
    [2013-06-20 18:49:32 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
    [2013-06-20 18:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
    [2013-06-21 13:46:32 | 000,005,325 | ---- | M] () -- C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\JunkAtx18.bin
    [2013-06-21 13:46:02 | 000,000,010 | RHS- | M] () -- C:\WINDOWS\System32\sistem.sys
    [2013-05-10 18:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Ornowski\Application Data\337
    [2013-06-20 18:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Ornowski\Application Data\AVG SafeGuard toolbar
    [2013-05-10 20:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Ornowski\Application Data\Babylon
    [2013-05-10 18:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Ornowski\Application Data\DealPly
    [2013-05-10 18:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Ornowski\Application Data\Desk 365
    [2013-05-10 18:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Ornowski\Application Data\eDownload
    [2013-05-10 18:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Ornowski\Application Data\eIntaller
    [2013-05-10 20:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon

    :Commands
    [emptytemp]

    After it runs, post a new scan log.
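
Added example (not part of the original thread and not OTL's own code): a short Python triage of the registry entries listed in the fix script of post #19, grouping them by persistence point and noting which ones point at a file that no longer exists. The category names and the reading of each O-code are assumptions taken from the line text itself, not from OTL documentation.

```python
import ntpath
import re

# Entries copied verbatim from the OTL fix script in post #19.
OTL_LINES = r'''
O4 - HKLM..\Run: [Bron-Spizaetus-ckijlpsw] "C:\WINDOWS\ShellNew\bbm-wspljikc.exe" File not found
O4 - HKCU..\Run: [Tok-Cirrhatus] File not found
O4 - HKCU..\Run: [Tok-Cirrhatus-3840] "C:\Documents and Settings\Adam Ornowski\Local Settings\Application Data\br8703on.exe" File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\sembako-cjzjlnh.exe") - File not found
O31 - SafeBoot: AlternateShell - cmd-bro-nlx.exe
'''.strip().splitlines()

# Windows defaults for the two shell values (general Windows facts, not from the thread).
DEFAULT_SHELL = {"Shell": "explorer.exe", "AlternateShell": "cmd.exe"}
# Policy values that, when set to 1, hide the tools a user would clean up with.
LOCKOUT_POLICIES = {"NoFolderOptions", "DisableRegistryTools"}

def triage(line):
    """Classify one OTL 'O' line; return (category, subject, orphaned) or None."""
    m = re.match(r"(O\d+) - (.+)$", line.strip())
    if not m:
        return None
    code, rest = m.groups()
    orphaned = rest.endswith("File not found")   # value survived, target is gone
    if code == "O4":                             # Run-key autostart value
        name = re.search(r"\[(.+?)\]", rest)
        return ("autorun", name.group(1) if name else "", orphaned)
    if code == "O7":                             # policy restriction
        pol = re.search(r": (\w+) = (\d+)$", rest)
        if pol and pol.group(1) in LOCKOUT_POLICIES and pol.group(2) == "1":
            return ("tool-lockout", pol.group(1), False)
    if code in ("O20", "O31"):                   # Winlogon shell / Safe Mode shell
        sh = re.search(r'(Shell|AlternateShell) - \(?"?([^")]+)', rest)
        if sh:
            exe = ntpath.basename(sh.group(2)).strip()
            if exe.lower() != DEFAULT_SHELL[sh.group(1)]:
                return ("shell-hijack", f"{sh.group(1)}={exe}", orphaned)
    return None

def summarize(lines):
    """Group findings by category so each persistence point can be reviewed together."""
    out = {}
    for line in lines:
        hit = triage(line)
        if hit:
            out.setdefault(hit[0], []).append(hit[1:])
    return out
```
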