Infection and a hidden documents folder

Please check the logs for an infection. Avast reported an infection but did not remove all of the malware. I scanned the computer with Kaspersky from a rescue disc. Among other things it detected Trojan-Downloader.Win32.MultiDl.r and Trojan.Win32.Bromngr.o. The folder "Nasze dokumenty" on drive D: is not shown.

Regards.

Extras: http://wklej.to/7GGli

OTL: http://wklej.to/X0mxX

Uninstall:

BuzzSearch

Ask Toolbar

Mobogenie

Download and run AdwCleaner. Click Scan and then Clean.

Post a new OTL log, without Extras.

OTL: http://wklej.to/nvKUH

Paste the following into the Custom Scans/Fixes window:

:OTL
IE - HKU\S-1-5-21-397330479-2541648650-3957197338-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=D0C3E0CB4E8EA94A&affID=121565&tt=250913_cpn2&tsp=5019
IE - HKU\S-1-5-21-397330479-2541648650-3957197338-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=D0C3E0CB4E8EA94A&affID=121565&tt=250913_cpn2&tsp=5019
IE - HKU\S-1-5-21-397330479-2541648650-3957197338-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D0C3E0CB4E8EA94A&affID=121565&tt=250913_cpn2&tsp=5019
[2014/03/02 11:55:48 | 000,532,341 | ---- | M] () (No name found) -- C:\Users\manusz\AppData\Roaming\mozilla\firefox\profiles\k4ir6jj0.default\extensions\toolbar_CLM-V7@apn.ask.com.xpi
[2014/03/13 19:31:15 | 000,008,340 | ---- | M] () (No name found) -- C:\Users\manusz\AppData\Roaming\mozilla\firefox\profiles\k4ir6jj0.default\extensions\{ba099a85-e825-4802-83e7-d386a5b4a734}.xpi
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-397330479-2541648650-3957197338-1001..\Run: [] File not found
O4 - HKU\S-1-5-21-397330479-2541648650-3957197338-1003..\Run: [Galileo] C:\Users\to my\AppData\Local\Galileo\galileo.exe silent File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O20 - AppInit_DLLs: (c:\progra~3\bitguard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bitguard.dll) - File not found
[2014/03/13 19:00:22 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\PC Fresh.job
[2013/09/15 15:15:51 | 000,000,000 | -H-D | M] -- C:\Users\to my\AppData\Roaming\pwo6
:Commands
[emptytemp]

Click Run Fix and accept the restart.

Post the removal report and a new Scan log.
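The OTL script above removes entries from the classic autostart locations (Run/RunOnce values, AppInit_DLLs, the IE start page, a legacy .job task) and flags several of them as "File not found", which is the usual sign of leftover adware persistence. The following read-only audit is an added example (not part of the thread and not OTL's own code) that reports the same locations on a live system. It assumes PowerShell 3 or later, an elevated prompt, and that the user hives you care about are currently loaded under HKEY_USERS; the `Get-CommandPath` helper and its regex are a simplification written for this example.

```powershell
# Added example, not OTL code: read-only audit of Run/RunOnce, AppInit_DLLs,
# the IE start page and legacy .job tasks. Entries whose target file is
# missing are printed as FILE NOT FOUND, matching what OTL reports.

# Get-ItemProperty adds these metadata properties; they are not registry values.
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-CommandPath {
    # Extract the executable path from a Run-value command line, e.g.
    # '"C:\x\a.exe" /silent' -> C:\x\a.exe  and  'C:\x\a.exe silent' -> C:\x\a.exe
    param([string]$Command)
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.*?\.(exe|dll|cmd|bat|vbs|js))', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function Test-TargetExists {
    # Expands %VAR% references; Test-Path also resolves 8.3 names like progra~3.
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    return (Test-Path -LiteralPath $expanded)
}

function Get-RegistryValues {
    # Returns the real values of a key as Name/Value property objects.
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return @() }
    (Get-ItemProperty -LiteralPath $Key).PSObject.Properties |
        Where-Object { $metaProps -notcontains $_.Name }
}

# Expose HKEY_USERS so loaded user hives (S-1-5-21-..., S-1-5-19/20) can be read,
# the same way OTL lists them as HKU\<SID>.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
Get-ChildItem -Path 'HKU:\' |
    Where-Object { $_.PSChildName -match '^S-1-5-(19|20|21-\d+-\d+-\d+-\d+)$' } |
    ForEach-Object {
        $runKeys += "HKU:\$($_.PSChildName)\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
        $runKeys += "HKU:\$($_.PSChildName)\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
    }

Write-Host '== Run / RunOnce values =='
foreach ($key in $runKeys) {
    foreach ($v in Get-RegistryValues $key) {
        # A value with an empty name shows up as '(default)'; OTL prints it as [].
        $name = if ($v.Name -eq '(default)') { '[]' } else { "[$($v.Name)]" }
        $target = Get-CommandPath ([string]$v.Value)
        $status = if (Test-TargetExists $target) { 'ok            ' } else { 'FILE NOT FOUND' }
        '{0} {1} {2} = {3}' -f $status, $name, $key, $v.Value
    }
}

Write-Host '== AppInit_DLLs =='
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $prop = Get-RegistryValues $key | Where-Object { $_.Name -eq 'AppInit_DLLs' }
    $dlls = if ($prop) { [string]$prop.Value } else { '' }
    if ([string]::IsNullOrWhiteSpace($dlls)) { '{0}: (empty)' -f $key; continue }
    # Several DLLs may be listed, separated by spaces or commas.
    foreach ($dll in ($dlls -split '[ ,]+' | Where-Object { $_ })) {
        $status = if (Test-TargetExists $dll) { 'ok            ' } else { 'FILE NOT FOUND' }
        '{0} {1} -> {2}' -f $status, $key, $dll
    }
}

Write-Host '== IE start page (current user) =='
Get-RegistryValues 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Main' |
    Where-Object { $_.Name -like '*Start Page*' } |
    ForEach-Object { '{0,-24} = {1}' -f $_.Name, $_.Value }

Write-Host '== Legacy .job tasks in the Tasks folder =='
Get-ChildItem -LiteralPath "$env:SystemRoot\Tasks" -Filter *.job -ErrorAction SilentlyContinue |
    ForEach-Object { '{0}  {1}' -f $_.LastWriteTime, $_.Name }
```

An empty AppInit_DLLs value is the normal state on a clean machine; any DLL listed there is loaded into every process that links user32.dll, so a missing file is merely a dangling leftover, while a present one deserves a hash lookup before anything else. The script prints only; removing a value is a separate, deliberate step (OTL's script above, or `Remove-ItemProperty`) once you have confirmed what it points at.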

All processes killed

========== OTL ==========

HKU\S-1-5-21-397330479-2541648650-3957197338-1001\SOFTWARE\Microsoft\Internet Explorer\Main\bProtector Start Page| /E : value set successfully!

HKU\S-1-5-21-397330479-2541648650-3957197338-1001\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-397330479-2541648650-3957197338-1001\Software\Microsoft\Internet Explorer\SearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

C:\Users\manusz\AppData\Roaming\mozilla\firefox\profiles\k4ir6jj0.default\extensions\toolbar_CLM-V7@apn.ask.com.xpi moved successfully.

C:\Users\manusz\AppData\Roaming\mozilla\firefox\profiles\k4ir6jj0.default\extensions{ba099a85-e825-4802-83e7-d386a5b4a734}.xpi moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-397330479-2541648650-3957197338-1001\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-397330479-2541648650-3957197338-1003\Software\Microsoft\Windows\CurrentVersion\Run\Galileo deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls:c:\progra~3\bitguard\2.6.1694.246{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bitguard.dll deleted successfully.

C:\Windows\Tasks\PC Fresh.job moved successfully.

C:\Users\to my\AppData\Roaming\pwo6 folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: manusz

->Temp folder emptied: 213652353 bytes

->Temporary Internet Files folder emptied: 50614089 bytes

->FireFox cache emptied: 17284899 bytes

->Google Chrome cache emptied: 6247527 bytes

->Flash cache emptied: 602 bytes

User: mati

->Temp folder emptied: 4196788 bytes

->Temporary Internet Files folder emptied: 6400066 bytes

->Google Chrome cache emptied: 40272943 bytes

->Flash cache emptied: 492 bytes

User: Public

User: to my

->Temp folder emptied: 177283887 bytes

->Temporary Internet Files folder emptied: 349481000 bytes

->FireFox cache emptied: 391851774 bytes

->Google Chrome cache emptied: 314865989 bytes

->Flash cache emptied: 30928 bytes

User: wangzhisong

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 955262373 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3599847 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42293829 bytes

RecycleBin emptied: 1669739121 bytes

Total Files Cleaned = 4,047.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03132014_221708

Files\Folders moved on Reboot…

File move failed. C:\Users\to my\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

File move failed. C:\Users\to my\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files…

Registry entries deleted on Reboot…

Extras: http://wklej.to/bQHEh

OTL: http://wklej.to/uIK70

Paste this and click Run Fix:

:OTL
[2014/03/13 21:03:28 | 000,000,000 | ---D | C] -- C:\AdwCleaner

Run OTL and click CleanUp.

Delete the old restore points:

How to delete all restore points

Run SecurityCheck and update the programs marked as Out of date.

Scan the disk with Malwarebytes Anti-Malware.

During installation, untick Start the trial of Malwarebytes Anti-Malware PRO.

http://wstaw.org/m/2012/12/29/2012-12-29_005346.png

Thank you, but after doing all of that, the folder "D:\Nasze dokumenty" is still not visible.

The OTL scan covers only the system drive.

If the folder is on that drive, use the MultiCommander you have installed.

View > Explorer Panel > Show hidden files and folders

Select the folder > Tools > Change properties (attributes/time) > Untick: Hidden and System > OK
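The MultiCommander steps above clear the Hidden and System attributes by hand, which is the same thing `attrib -h -s` does. As an added example (not from the thread), the script below lists every directory on a drive that carries both attributes, separates the ones Windows sets by design from the rest, and provides a function to restore visibility for a folder you have checked. It assumes PowerShell 5 or later (for `-Depth`) and that the drive letter, depth and the `$expected` list are adjusted to your system; the folder path at the end is the one from this thread.

```powershell
# Added example, not from the thread: find and unhide folders concealed
# with the Hidden + System attribute combination used on D:\Nasze dokumenty.

function Get-HiddenSystemFolders {
    # Directories under $Root (to $Depth levels) that are both Hidden and System.
    param([string]$Root, [int]$Depth = 1)
    Get-ChildItem -LiteralPath $Root -Directory -Force -Depth $Depth -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
            ($_.Attributes -band [IO.FileAttributes]::System)
        }
}

function Restore-FolderVisibility {
    # Clear Hidden and System on one folder (equivalent to: attrib -h -s "<path>")
    # and return the attributes left afterwards.
    param([string]$Path)
    $item = Get-Item -LiteralPath $Path -Force
    $mask = -bnot ([int][IO.FileAttributes]::Hidden -bor [int][IO.FileAttributes]::System)
    $item.Attributes = [IO.FileAttributes]([int]$item.Attributes -band $mask)
    return (Get-Item -LiteralPath $Path -Force).Attributes
}

# Folders Windows itself marks Hidden+System on a data drive; leave these alone.
# (Assumed list for this example; extend it for your own setup.)
$expected = '$RECYCLE.BIN', 'System Volume Information', 'Recovery', 'Config.Msi'

function Report-HiddenSystemFolders {
    param([string]$Drive = 'D:\', [int]$Depth = 1)
    Get-HiddenSystemFolders -Root $Drive -Depth $Depth | ForEach-Object {
        $flag = if ($expected -contains $_.Name) { 'expected  ' } else { 'SUSPICIOUS' }
        '{0} {1}  {2}' -f $flag, $_.LastWriteTime, $_.FullName
    }
}

# 1. Report first; a user data folder marked Hidden+System is the red flag.
Report-HiddenSystemFolders -Drive 'D:\'

# 2. Then restore the folder from this thread (edit the path for your system):
# Restore-FolderVisibility -Path 'D:\Nasze dokumenty'
```

Explorer hides Hidden+System folders even when "Show hidden files" is enabled, because "Hide protected operating system files" is a separate setting, which is why the folder looked gone rather than merely hidden. Clearing the two attributes does not touch the contents, so it is safe to run on a folder once you have confirmed it is the user's own data.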

Thank you very much! :smiley:

Everything is fine now!

Regards