Prośba o sprawdzenie logów

[ShFil]

Logi są z hp dv6-(bodajże)2015sw.
otl.txt http://wklej.eu/index.php?id=fee0b70ec6
extras.txt http://wklej.eu/index.php?id=df7fef8c83
hijackthis http://wklej.eu/index.php?id=ecbefbfb5c
silent runner http://wklej.eu/index.php?id=e20092a831
rsit log.txt http://wklej.eu/index.php?id=17e8e325bd
rsit info http://wklej.eu/index.php?id=38ee89dd4c
tdsskiller http://wklej.eu/index.php?id=638a50283a
Autoruns http://www42.zippyshare.com/v/96033335/file.html
Pozdrawiam i proszę o pomoc.

[mateo8898]

W Autoruns odznacz i usuń:
zakładka Logon:

Microsoft Windows
Microsoft Windows

zakładka Scheduled Tasks:

wszystko

zakładka Services (tylko odznacz):

LightScribeService
Microsoft SharePoint Workspace Audit Service
odserv
ose
WinDefend
WMPNetworkSvc

Odinstaluj: Spybot - Search & Destroy, Codecv, QUICKfind server, blekko search bar, Norton Security Scan, uTorrentBar Toolbar

Następnie:
Uruchom OTL w oknie Własne opcje skanowania/skrypt wklej:

:OTL
IE:64bit: - HKLM\..\SearchScopes\{CBB877FA-F81B-4CA2-9B89-6F956D300ABD}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKLM\..\SearchScopes\{CBB877FA-F81B-4CA2-9B89-6F956D300ABD}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
IE - HKU\S-1-5-21-1897262481-975596492-2191375056-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_PL&c=94&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1897262481-975596492-2191375056-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={95424BF2-0964-4385-BE9D-856D8205B557}&mid=c7f6d97c3c8f47d08b55d16e55ddaab9-119288ed3aff4c591f8019ecbb8f8d6e78a77199&lang=pl&ds=xn011&pr=sa&d=2012-09-29 22:31:17&v=13.0.0.7&sap=hp
IE - HKU\S-1-5-21-1897262481-975596492-2191375056-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=101570&babsrc=SP_ss&mntrId=500b43d800000000000000271339434a
IE - HKU\S-1-5-21-1897262481-975596492-2191375056-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=11F418430F5294A29EBDA4505302E682&q={searchTerms}
IE - HKU\S-1-5-21-1897262481-975596492-2191375056-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={95424BF2-0964-4385-BE9D-856D8205B557}&mid=c7f6d97c3c8f47d08b55d16e55ddaab9-119288ed3aff4c591f8019ecbb8f8d6e78a77199&lang=pl&ds=xn011&pr=sa&d=2012-09-29 22:31:17&v=13.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1897262481-975596492-2191375056-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKU\S-1-5-21-1897262481-975596492-2191375056-1000\..\SearchScopes\{CBB877FA-F81B-4CA2-9B89-6F956D300ABD}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "https://isearch.avg.com/?cid={95424BF2-0964-4385-BE9D-856D8205B557}&mid=c7f6d97c3c8f47d08b55d16e55ddaab9-119288ed3aff4c591f8019ecbb8f8d6e78a77199&lang=pl&ds=xn011&pr=sa&d=&v=&sap=hp"
FF - prefs.js..keyword.URL: "http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=11F418430F5294A29EBDA4505302E682&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
C:\Users\Michalina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
[2012-01-04 20:01:46 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Michalina\AppData\Roaming\mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012-09-14 11:12:15 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Users\Michalina\AppData\Roaming\mozilla\Firefox\Profiles\2e3otpq3.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}
[2012-06-05 00:10:49 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Michalina\AppData\Roaming\mozilla\Firefox\Profiles\2e3otpq3.default\extensions\[email protected]
[2012-09-14 11:12:15 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
O2 - BHO: (no name) - {FB536D95-5D6E-495C-97F9-EAF531F24DB0} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
[2012-12-21 21:36:01 | 000,000,000 | ---D | C] -- C:\SDFix

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"StartupDelayer"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=-
"Google Update"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=-
"UpdatePRCShortCut"=-
SunJavaUpdateSched"=-
"HP Software Update"=-
"WirelessAssistant"=-
"BCSSync"=-
"DivXUpdate"=-

:Commands
[emptytemp]

Klikasz Wykonaj skrypt. Podajesz log z usuwania + nowe logi z OTL.

[ShFil]

Miałem problem z deaktywacją w Scheduled Tasks.(Nie zostało wykonane mapowanie między nazwami kont a identyfikatorami zabezpieczeń) Nie wykonałem skryptu bo zauważyłem, że siostra ma dwa wirtualne napędy, wykonywać jeszcze raz logi?

[mateo8898]

Uruchamiałeś Autoruns z prawokliku Uruchom jako administrator???

Co do skryptu, wykonaj bo wirtualne napędy nic tu nie mają do rzeczy.

[ShFil]

Tak, po usuwałem je ale bez deaktywacji. Zaraz dodam, logi.
Edit:
log z usuwania http://wklej.eu/index.php?id=3d463b95c0
otl.txt http://wklej.eu/index.php?id=3b41ec920e
extras.txt http://wklej.eu/index.php?id=1f3e81a159

[mateo8898]

Odinstaluj jeszcze Pasek narzędzi AOL 5.0

Wklej w OTL:

:OTL
IE - HKU\S-1-5-21-1897262481-975596492-2191375056-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Michalina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found
O3 - HKU\S-1-5-21-1897262481-975596492-2191375056-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)

Klikasz Wykonaj skrypt, później Sprzątanie

Przeczyść dysk oraz rejestr CCleaner

Zainstaluj SP1 http://www.instalki.pl/programy/download/Windows/aktualizacje/Windows_7_Service_Pack_1.html

Odinstaluj starą wersję czytnika .PDF:

Adobe Reader 9.1 - Polish

i zainstaluj najnowszą http://www.instalki.pl/programy/download/Windows/odczyt_edycja_pdf/Adobe_Reader.html

Zaktualizuj Firefoksa do najnowszej wersji (Firefox Pomoc O programie Firefox)