Hello.
Recently exactly this process showed up on my system, and on top of that the computer takes 15 minutes to boot.
OTL - http://wklej.org/id/1018954/
Extras - http://wklej.org/id/1018955/
MBAM detected something, I removed it, and it's still the same...
Thanks in advance.
UA: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BTRS106449; .NET CLR 2.0.50727)
UA: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=prs&from=prs&uid=ST3250318AS_9VM2WTRCXXXX9VM2WTRC&ts=1365421157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_source=b&utm_medium=prs&from=prs&uid=ST3250318AS_9VM2WTRCXXXX9VM2WTRC&ts=1365421157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.portaldosites.com/web/?utm_source=b&utm_medium=prs&from=prs&uid=ST3250318AS_9VM2WTRCXXXX9VM2WTRC&ts=0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.portaldosites.com/web/?utm_source=b&utm_medium=prs&from=prs&uid=ST3250318AS_9VM2WTRCXXXX9VM2WTRC&ts=0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=prs&from=prs&uid=ST3250318AS_9VM2WTRCXXXX9VM2WTRC&ts=0
IE - HKU\S-1-5-21-1214440339-484061587-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=prs&from=prs&uid=ST3250318AS_9VM2WTRCXXXX9VM2WTRC&ts=1365421157
IE - HKU\S-1-5-21-1214440339-484061587-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKU\S-1-5-21-1214440339-484061587-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.portaldosites.com/web/?utm_source=b&utm_medium=prs&from=prs&uid=ST3250318AS_9VM2WTRCXXXX9VM2WTRC&ts=0
IE - HKU\S-1-5-21-1214440339-484061587-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.portaldosites.com/web/?utm_source=b&utm_medium=prs&from=prs&uid=ST3250318AS_9VM2WTRCXXXX9VM2WTRC&ts=0
IE - HKU\S-1-5-21-1214440339-484061587-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKU\S-1-5-21-1214440339-484061587-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKU\S-1-5-21-1214440339-484061587-839522115-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babylon.com/?q={searchTerms}&affID=117380&tt=4612_3&babsrc=SP_ss&mntrId=a8a35aeb000000000000001966e1e498
IE - HKU\S-1-5-21-1214440339-484061587-839522115-1003\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=prs&from=prs&uid=ST3250318AS_9VM2WTRCXXXX9VM2WTRC&ts=0
IE - HKU\S-1-5-21-1214440339-484061587-839522115-1003\..\SearchScopes\{DDB671E9-4938-4E81-A172-95FC5E6C1C68}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=crm&q={searchTerms}&locale=en_PL&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^PL&apn_uid=82d6f9cd-d305-4f93-949c-c592cdfb5bd3&apn_sauid=223C68BE-9426-4AD3-AC74-8384B8E4B519
[2012-09-25 17:45:49 | 000,003,267 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Web Search.xml
O2 - BHO: (DownTango Launcher) - {e327b07a-0e11-4fd4-bef2-b2c5605b59c6} - C:\Documents and Settings\patryk\Dane aplikacji\DownTangoFTToolbar\DownTangoFTToolbar.dll (Simplytech Ltd.)
O3 - HKLM\..\Toolbar: (DownTango Launcher) - {e327b07a-0e11-4fd4-bef2-b2c5605b59c6} - C:\Documents and Settings\patryk\Dane aplikacji\DownTangoFTToolbar\DownTangoFTToolbar.dll (Simplytech Ltd.)
O3 - HKU\S-1-5-21-1214440339-484061587-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-484061587-839522115-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\daneap~1\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - File not found
[2012-11-17 11:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon
[2012-11-17 11:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patryk\Dane aplikacji\Babylon
[2012-11-01 13:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patryk\Dane aplikacji\DownTangoFTToolbar
:Files
C:\Documents and Settings\patryk\Dane aplikacji\DownTangoFTToolbar
:Commands
[emptytemp]
UA: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BTRS106449; .NET CLR 2.0.50727)
UA: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0
:OTL
O4 - HKU\S-1-5-21-1214440339-484061587-839522115-1003..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\patryk\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe" File not found
UA: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BTRS106449; .NET CLR 2.0.50727)