Czyszczenie zaśmieconego komputera

[kondziioPL]

Witam,
wstawiam logi z z zaśmieconego komputera proszę o sprawdzenie.

OTL:http://wklej.eu/index.php?id=542f4bab1b
Extras:http://wklej.eu/index.php?id=d22aa61a04
TDSSKiller:http://wklej.eu/index.php?id=deae6e00db

[mateo8898]

Odinstaluj Norton Security Scan

Uruchom OTL w oknie Własne opcje skanowania/skrypt wklej:

Kod: Zaznacz wszystko

:OTL
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=vsl&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4&hl={language}&src=chrm
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2530240
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webalta.ru
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/poisk
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webalta.ru
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/poisk
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webalta.ru
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/poisk
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webalta.ru
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/poisk
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=vsl
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/poisk
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - No CLSID value found
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\SearchScopes\{074C21E2-3B77-4B3F-A7D9-E4E59622EF0D}: "URL" = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=vsl&s={searchTerms}&f=4
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=5a160cd1000000000000b482fe8d003b
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=5a160cd1000000000000b482fe8d003b&tlver=1.4.19.19&affID=19949
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\SearchScopes\{4179ED28-0094-45eb-B743-1290A1B5FAFF}: "URL" = http://webalta.ru/poisk?q={searchTerms}
IE - HKU\S-1-5-21-356344813-1149218429-310559768
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2530240
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\SearchScopes\{CCAD8533-2564-4D41-A87D-921BD97C12D6}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=VDJ&o=41647960&src=crm&q={searchTerms}&locale=&apn_ptnrs=8R&apn_dtid=YYYYYYYYPL&apn_uid=F78D70EA-5E72-409D-9399-A4AE1BE97E99&apn_sauid=3F308E69-D5B1-47EF-84D6-84D447B95891
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Polska Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2530240&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?AF=100482&babsrc=HP_ss&mntrId=5a160cd1000000000000b482fe8d003b"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&q="
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&q="
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2012-02-20 15:41:37 | 000,000,000 | ---D | M] (Softonic-Polska Community Toolbar) -- C:\Users\Victor\AppData\Roaming\mozilla\Firefox\Profiles\8y8q2kde.default\extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}
[2011-08-31 13:20:10 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Victor\AppData\Roaming\mozilla\Firefox\Profiles\8y8q2kde.default\extensions\[email protected] [2012-01-13 21:08:53 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012-03-21 08:50:05 | 000,000,000 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\8y8q2kde.default\searchplugins\askcom.xml
[2011-07-31 14:55:40 | 000,000,933 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\8y8q2kde.default\searchplugins\conduit.xml
[2011-06-29 08:32:57 | 000,002,501 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\8y8q2kde.default\searchplugins\SearchResults.xml
[2011-07-06 17:14:41 | 000,003,915 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\8y8q2kde.default\searchplugins\SweetIM Search.xml
[2011-07-06 17:17:02 | 000,003,915 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\8y8q2kde.default\searchplugins\sweetim.xml
[2011-02-05 09:28:11 | 000,000,390 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\8y8q2kde.default\searchplugins\webalta-search.xml
[2011-08-12 04:51:25 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2012-01-13 21:42:31 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2010-10-26 16:57:38 | 000,002,036 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchppcb.xml
[2011-06-29 08:32:57 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll File not found
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\Toolbar\WebBrowser: (no name) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - No CLSID value found.
O4 - HKLM..\Run: [Intel AppUp(SM) center] "C:\Users\Victor\Desktop\IntelAppStore\bin\serviceManager.lnk" File not found
O4 - HKU\S-1-5-21-356344813-1149218429-3105597683-1000..\Run: [PCHDPlayer] C:\Program Files (x86)\pchd\PCHDPlayer.exe File not found
O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar" File not found
O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
[2012-03-21 13:25:02 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-03-21 13:22:02 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-356344813-1149218429-3105597683-1000UA.job
[2012-03-21 10:25:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-03-21 10:22:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-356344813-1149218429-3105597683-1000Core.job
[2011-08-31 12:39:31 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\Install.job
[2011-08-15 09:03:20 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011-03-01 15:34:06 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job

:Files
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
C:\Users\Victor\AppData\Local\Temp*.html

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"=-
"SSDMonitor"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Odkurzacz-MCD"=-
"TOSHIBA Online Product Information"=-

:Commands
[clearallrestorepoints]
[emptytemp]

Klikasz Wykonaj skrypt. Dajesz log z usuwania + nowe logi z OTL.

[kondziioPL]

Niestety ale zacina sie na pewnym etapie. Wrzucam screena.
http://img689.imageshack.us/img689/5051/beztytuubnv.png

[kominekl]

Niestety ale zacina sie na pewnym etapie. Wrzucam screena.
http://img689.imageshack.us/img689/5051/beztytuubnv.png

Spróbuj wykonać skrypt w trybie awaryjnym.

[kondziioPL]

Niestety to nic nie daje.

[kominekl]

Niestety to nic nie daje.

Już widzę błąd. Wykonaj skrypt z poniższego cytatu (poprawiłem tylko skrypt).

Odinstaluj Norton Security Scan

Uruchom OTL w oknie Własne opcje skanowania/skrypt wklej:

Kod: Zaznacz wszystko

:OTL
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=vsl&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4&hl={language}&src=chrm
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2530240
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webalta.ru
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/poisk
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webalta.ru
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/poisk
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webalta.ru
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/poisk
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webalta.ru
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/poisk
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=vsl
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/poisk
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - No CLSID value found
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\SearchScopes\{074C21E2-3B77-4B3F-A7D9-E4E59622EF0D}: "URL" = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=vsl&s={searchTerms}&f=4
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=5a160cd1000000000000b482fe8d003b
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=5a160cd1000000000000b482fe8d003b&tlver=1.4.19.19&affID=19949
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\SearchScopes\{4179ED28-0094-45eb-B743-1290A1B5FAFF}: "URL" = http://webalta.ru/poisk?q={searchTerms}
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2530240
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\SearchScopes\{CCAD8533-2564-4D41-A87D-921BD97C12D6}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=VDJ&o=41647960&src=crm&q={searchTerms}&locale=&apn_ptnrs=8R&apn_dtid=YYYYYYYYPL&apn_uid=F78D70EA-5E72-409D-9399-A4AE1BE97E99&apn_sauid=3F308E69-D5B1-47EF-84D6-84D447B95891
IE - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Polska Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2530240&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?AF=100482&babsrc=HP_ss&mntrId=5a160cd1000000000000b482fe8d003b"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&q="
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&q="
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2012-02-20 15:41:37 | 000,000,000 | ---D | M] (Softonic-Polska Community Toolbar) -- C:\Users\Victor\AppData\Roaming\mozilla\Firefox\Profiles\8y8q2kde.default\extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}
[2011-08-31 13:20:10 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Victor\AppData\Roaming\mozilla\Firefox\Profiles\8y8q2kde.default\extensions\[email protected] [2012-01-13 21:08:53 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012-03-21 08:50:05 | 000,000,000 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\8y8q2kde.default\searchplugins\askcom.xml
[2011-07-31 14:55:40 | 000,000,933 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\8y8q2kde.default\searchplugins\conduit.xml
[2011-06-29 08:32:57 | 000,002,501 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\8y8q2kde.default\searchplugins\SearchResults.xml
[2011-07-06 17:14:41 | 000,003,915 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\8y8q2kde.default\searchplugins\SweetIM Search.xml
[2011-07-06 17:17:02 | 000,003,915 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\8y8q2kde.default\searchplugins\sweetim.xml
[2011-02-05 09:28:11 | 000,000,390 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\8y8q2kde.default\searchplugins\webalta-search.xml
[2011-08-12 04:51:25 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2012-01-13 21:42:31 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2010-10-26 16:57:38 | 000,002,036 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchppcb.xml
[2011-06-29 08:32:57 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll File not found
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-356344813-1149218429-3105597683-1000\..\Toolbar\WebBrowser: (no name) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - No CLSID value found.
O4 - HKLM..\Run: [Intel AppUp(SM) center] "C:\Users\Victor\Desktop\IntelAppStore\bin\serviceManager.lnk" File not found
O4 - HKU\S-1-5-21-356344813-1149218429-3105597683-1000..\Run: [PCHDPlayer] C:\Program Files (x86)\pchd\PCHDPlayer.exe File not found
O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar" File not found
O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
[2012-03-21 13:25:02 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-03-21 13:22:02 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-356344813-1149218429-3105597683-1000UA.job
[2012-03-21 10:25:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-03-21 10:22:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-356344813-1149218429-3105597683-1000Core.job
[2011-08-31 12:39:31 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\Install.job
[2011-08-15 09:03:20 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011-03-01 15:34:06 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job

:Files
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
C:\Users\Victor\AppData\Local\Temp*.html

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"=-
"SSDMonitor"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Odkurzacz-MCD"=-
"TOSHIBA Online Product Information"=-

:Commands
[clearallrestorepoints]
[emptytemp]

Klikasz Wykonaj skrypt. Dajesz log z usuwania + nowe logi z OTL.

[kondziioPL]

log z usuwania: http://wklej.eu/index.php?id=10f7652391
OTL:http://wklej.eu/index.php?id=e33c8efd5e
Extras: http://wklej.eu/index.php?id=5e204d988a

[mateo8898]

W OTL wklej:

Kod: Zaznacz wszystko

:OTL
IE - HKCU\..\SearchScopes\{6514014A-9F27-4568-8DF1-B6DC56C70987}: "URL" = http://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

:Commands
[emptytemp]

Klikasz Wykonaj skrypt, później Sprzątanie

Przeczyść dysk oraz rejestr CCleaner

Wykonaj pełne skanowanie Malwarebytes' Anti-Malware - jeśli coś znajdzie usuń i daj raport (po uruchomieniu odrzuć okres testowy)

Zainstaluj SP1 http://www.instalki.pl/programy/download/Windows/aktualizacje/Windows_7_Service_Pack_1.html

Zaktualizuj IE do najnowszej wersji (nawet jeśli go nie używasz) http://www.instalki.pl/programy/download/Windows/przegladarki_www/Internet_Explorer_9.html

Odinstaluj starą wersję Javy:

Java(TM) 6 Update 29

i zainstaluj najnowszą http://www.instalki.pl/programy/download/Windows/biblioteki/Java_SE_Runtime_Environment_%28JRE%29_6.html

Odinstaluj starą wersję czytnika .PDF:

Adobe Reader 9.1 - Polish

i zainstaluj najnowszą http://www.instalki.pl/programy/download/Windows/odczyt_edycja_pdf/Adobe_Reader.html