Usunąłem programy wskazane przez OTL, później AdwCleaner i teraz wklejam raport z FRST
FRST - http://wklej.org/id/1553007/
Addition - http://wklej.org/id/1553009/
Proszę o dalsze wskazówki!
Otwórz Notatnik i wklej:
Task: C:\WINDOWS\Tasks\LAXBG.job = C:\Documents and Settings\0\Dane aplikacji\LAXBG.exe
Task: C:\WINDOWS\Tasks\YEUPY.job = C:\Documents and Settings\0\Dane aplikacji\YEUPY.exe
HKLM\...\Run: [Adobe ARM] = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [upmbot_pl_95.exe] = C:\Documents and Settings\0\Ustawienia lokalne\Dane aplikacji\mbot_pl_95\upmbot_pl_95.exe -runhelper
HKLM\...\Run: [mbot_pl_94] = [X]
HKLM\...\Run: [GrooveMonitor] = C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [mbot_pl_120] = [X]
HKLM\...\Run: [mbot_pl_95] = [X]
HKLM\...\Policies\Explorer\Run: [QuickTimeTask] = C:\Program Files\Applications\wcs.exe No File
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
BootExecute: autocheck autochk /p \\C:autocheck autochk *
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" ======= ATTENTION
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-854811316-1714634077-341355187-1008 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-854811316-1714634077-341355187-1008 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name - {AC542286-80FB-4B06-9463-F97E2D9C5F05} - C:\DOCUME~1\stacja\USTAWI~1\Temp\yayxwVNf.dll No File
BHO: No Name - {FA51C43D-A263-4525-B88A-CFDFCBC9E793} - C:\DOCUME~1\stacja\USTAWI~1\Temp\vtUmKCTL.dll No File
Toolbar: HKU\S-1-5-21-854811316-1714634077-341355187-1008 - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
CHR HomePage: Default - hxxp://isearch.omiga-plus.com/?type=hpts=1415480423from=tugsuid=ST98823AS_5PK4Z2XHXXXX5PK4Z2XH
CHR StartupUrls: Default - "hxxp://isearch.omiga-plus.com/?type=hpts=1415480423from=tugsuid=ST98823AS_5PK4Z2XHXXXX5PK4Z2XH"
R2 MaintainerSvc4.16.1074588; C:\Documents and Settings\All Users\Dane aplikacji\5327bf3a-385d-43de-b57d-c607b633644e\maintainer.exe [123640 2014-12-09] ()
S2 Util Lampy Lighty; "C:\Program Files\Lampy Lighty\bin\utilLampyLighty.exe" [X]
S3 APCMp50; System32\Drivers\APCMp50.sys [X]
S3 esgiguard; \\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 massfilter_lte; \\C:\WINDOWS\system32\drivers\massfilter_lte.sys [X]
2014-12-09 18:56 - 2014-12-09 19:02 - 00000000 ____ D () C:\AdwCleaner
2014-11-09 11:08 - 2014-11-09 20:11 - 00000000 ____ D () C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-11-09 11:08 - 2014-11-09 11:08 - 00000000 ____ D () C:\Program Files\Common Files\Wise Installation Wizard
2014-12-09 19:00 - 2014-11-08 22:02 - 00001352 _____ () C:\WINDOWS\Tasks\YEUPY.job
2014-12-09 19:00 - 2014-11-08 22:02 - 00001352 _____ () C:\WINDOWS\Tasks\LAXBG.job
EmptyTemp:
Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
Udało się. Jest ok!! Bardzo dziękuje za pomoc.
Skasuj folder C:\FRST