Laptop - Wolna praca, wirusy, trojany, keylogery

[Kodek]

Witam, daje tutaj logi ponieważ mam problem z moim laptopem robiłem skanowanie malware to wykryło 73 wirusy rożnego rodzaju dałem usuń i zrobiłem ponownie skanowanie i było już czysto ale nie wiem czy ABY NA PEWNO.

GMER - http://wklej.org/id/1097772/

GMER Uslugi - http://wklej.org/id/1097774/

OTL - http://wklej.org/id/1097775/

Extras - http://wklej.org/id/1097778/

Autoruns - http://www3.zippyshare.com/v/71929689/file.html

[mateo8898]

Dorzuć log z tamtego skanu Malwarebytes. Dodatkowo wrzuć screenshot z HD Tune http://www.instalki.pl/programy/downloa ... _Tune.html z zakładki Health

[Kodek]

Dorzuć log z tamtego skanu Malwarebytes. Dodatkowo wrzuć screenshot z HD Tune http://www.instalki.pl/programy/downloa ... _Tune.html z zakładki Health

Nie mam tamtego loga bo usunąłem niestety, co do hd tune zakładka health to nic mi się nie pokazuje.

[mateo8898]

Logi czyste, kosmetyka.

Odinstaluj: SweetIM for Messenger 3.7, Internet Explorer Toolbar 4.6 by SweetPacks, Update Manager for SweetPacks 1.1.

W Autoruns usuń:
zakładka Scheduled Tasks:

\DealPly
\DealPlyUpdate
\DSite
\EasyDisplayMgr Easy Display Manager
\EPUpdater
\Funmoods

Następnie:

Uruchom OTL w oknie Własne opcje skanowania/skrypt wklej:

:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\SAWEK~1\AppData\Local\Temp\kwrdipod.sys -- (kwrdipod)
IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^HJ^xdm073^YY^pl&si=pconverter&ptb=A85791C8-A810-4FD9-9486-2542505FB2B7&ind=2013062304&n=77fce4a0&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={91158C6E-179A-11E2-BB81-B482FE51724F}
IE - HKU\S-1-5-21-3612328161-1475991582-4067939760-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=110823&tt=120912_cpc_3912_4&babsrc=HP_ss&mntrId=427c1c07000000000000b482fec7cd59
IE - HKU\S-1-5-21-3612328161-1475991582-4067939760-1000\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKU\S-1-5-21-3612328161-1475991582-4067939760-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_sps&mntrId=427CB482FEC7CD59&affID=120695&tt=180613_ndtc&tsp=4922
IE - HKU\S-1-5-21-3612328161-1475991582-4067939760-1000\..\SearchScopes\{2464C14E-2174-4792-B179-AD037F0298F6}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={91158C6E-179A-11E2-BB81-B482FE51724F}
IE - HKU\S-1-5-21-3612328161-1475991582-4067939760-1000\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^HJ^xdm073^YY^pl&si=pconverter&ptb=A85791C8-A810-4FD9-9486-2542505FB2B7&ind=2013062304&n=77fce4a0&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-3612328161-1475991582-4067939760-1000\..\SearchScopes\67228491F0A34C76A5D0F5FECE9C4EE4: "URL" = http://isearch.avg.com/search?cid={130710E2-FD7F-4758-9344-C5D6DA3488FF}&mid=6695f7fcc7d947d096f065cbb8b59bbc-ae5c4e54566d42b56e5eceb7eae2f1e554cabe74&lang=pl&ds=xn011&pr=sa&d=2012-09-25 15:02:34&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
[2013-06-23 10:52:07 | 000,006,546 | ---- | M] () -- C:\Users\Sławek\AppData\Roaming\mozilla\firefox\profiles\1z0d6ab8.default\searchplugins\babylon.xml
[2012-09-26 20:34:07 | 000,002,223 | ---- | M] () -- C:\Users\Sławek\AppData\Roaming\mozilla\firefox\profiles\1z0d6ab8.default\searchplugins\BabylonMngr.xml
[2013-07-22 23:40:26 | 000,002,402 | ---- | M] () -- C:\Users\Sławek\AppData\Roaming\mozilla\firefox\profiles\1z0d6ab8.default\searchplugins\bingp.xml
[2012-10-15 19:19:31 | 000,002,536 | ---- | M] () -- C:\Users\Sławek\AppData\Roaming\mozilla\firefox\profiles\1z0d6ab8.default\searchplugins\browsemngr.xml
[2013-06-23 10:52:07 | 000,006,546 | ---- | M] () -- C:\Users\Sławek\AppData\Roaming\mozilla\firefox\profiles\1z0d6ab8.default\searchplugins\BrowserDefender.xml
[2013-06-23 10:52:16 | 000,001,294 | ---- | M] () -- C:\Users\Sławek\AppData\Roaming\mozilla\firefox\profiles\1z0d6ab8.default\searchplugins\delta.xml
[2013-07-29 23:07:29 | 000,002,120 | ---- | M] () -- C:\Users\Sławek\AppData\Roaming\mozilla\firefox\profiles\1z0d6ab8.default\searchplugins\MyStart.xml
[2012-11-24 21:17:38 | 000,001,066 | ---- | M] () -- C:\Users\Sławek\AppData\Roaming\mozilla\firefox\profiles\1z0d6ab8.default\searchplugins\utorrentcontrolv2-customized-web-search.xml
[2013-02-19 16:09:19 | 000,003,716 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
O3 - HKLM\..\Toolbar: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKU\S-1-5-21-3612328161-1475991582-4067939760-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3612328161-1475991582-4067939760-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
[2013-06-19 10:30:16 | 000,000,000 | ---D | M] -- C:\Users\Sławek\AppData\Roaming\Funmoods
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found

:Commands
[clearallrestorepoints]
[emptytemp]

Klikasz Wykonaj skrypt i podajesz log z usuwania.

[Kodek]

Usuwanie OTL - http://wklej.org/id/1098241/

[mateo8898]

W OTL Sprzątanie

Przeczyść dysk oraz rejestr CCleaner