Zamulony komputer na systeme Win 8.1

Dla specjalistów Bezpieczeństwo
#1

Witam coś sie dzieje z Moim blaszakiem czasami strasznie zamula po zrobieniu formata nie widać różnicy.

 

Tutaj załączam logi z OTL :

 

OTL :  http://www.wklej.org/id/1592694/

 

OTL Extras :  http://www.wklej.org/id/1592695/

 

#2

Odinstaluj SpyHunter.Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.

Uruchom FRST i kliknij Scan. Pokaż raport FRST i Addition.

#3

Prosze skan z FRST :

 

FRST :       http://wklej.org/id/1592736/

 

Addition :   http://wklej.org/id/1592740/

#4

Otwórz notatnik systemowy i wklej:

Hosts:
Task: {097A1173-51AB-4BED-BD10-4C538A7BEEDB} - System32\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-5_user = C:\Program Files (x86)\TornPlusTV_version1.11\0dd75257-e832-4244-a21b-66bb5e213fb3-5.exe ==== ATTENTION
Task: {3945333B-486D-4248-B36C-5794D63783D4} - System32\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-5 = C:\Program Files (x86)\TornPlusTV_version1.11\0dd75257-e832-4244-a21b-66bb5e213fb3-5.exe ==== ATTENTION
Task: {4869AA7B-8268-4BE8-AFC2-8C1EBBACA1C3} - System32\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-1 = C:\Program Files (x86)\TornPlusTV_version1.11\TornPlusTV_version1.11-codedownloader.exe ==== ATTENTION
Task: {6892C742-1D14-4F7F-82C7-D36651A36FF7} - System32\Tasks\YZDJNXU = C:\Users\John\AppData\Roaming\YZDJNXU.exe ==== ATTENTION
Task: {68F161FF-E5A7-4C24-AC33-18BECCC8CDF8} - System32\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-2 = C:\Program Files (x86)\TornPlusTV_version1.11\0dd75257-e832-4244-a21b-66bb5e213fb3-2.exe ==== ATTENTION
Task: {6FF8E443-CD07-4A25-AC55-F6AB7066C588} - System32\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-7 = C:\Program Files (x86)\TornPlusTV_version1.11\0dd75257-e832-4244-a21b-66bb5e213fb3-7.exe ==== ATTENTION
Task: {904AC44F-2E0F-47E4-83A4-FA6749373F80} - System32\Tasks\HRWOUO = C:\Users\John\AppData\Roaming\HRWOUO.exe ==== ATTENTION
Task: {C4329112-4B7E-4652-9604-82713C2E0AF7} - System32\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-6 = C:\Program Files (x86)\TornPlusTV_version1.11\0dd75257-e832-4244-a21b-66bb5e213fb3-6.exe ==== ATTENTION
Task: {DD8E7C7C-DA45-47FB-A717-4B1D7EB05355} - System32\Tasks\Optimizer Pro Schedule = C:\Program Files (x86)\Optimizer Pro 3.20\OptProLauncher.exe ==== ATTENTION
Task: {F3CF7223-A2ED-4040-9D5D-F8319E2BB7B9} - System32\Tasks\TBOUAKE = C:\Users\John\AppData\Roaming\TBOUAKE.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-1.job = C:\Program Files (x86)\TornPlusTV_version1.11\TornPlusTV_version1.11-codedownloader.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-2.job = C:\Program Files (x86)\TornPlusTV_version1.11\0dd75257-e832-4244-a21b-66bb5e213fb3-2.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-5.job = C:\Program Files (x86)\TornPlusTV_version1.11\0dd75257-e832-4244-a21b-66bb5e213fb3-5.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-5_user.job = C:\Program Files (x86)\TornPlusTV_version1.11\0dd75257-e832-4244-a21b-66bb5e213fb3-5.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-6.job = C:\Program Files (x86)\TornPlusTV_version1.11\0dd75257-e832-4244-a21b-66bb5e213fb3-6.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-7.job = C:\Program Files (x86)\TornPlusTV_version1.11\0dd75257-e832-4244-a21b-66bb5e213fb3-7.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\HRWOUO.job = C:\Users\John\AppData\Roaming\HRWOUO.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\TBOUAKE.job = C:\Users\John\AppData\Roaming\TBOUAKE.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\YZDJNXU.job = C:\Users\John\AppData\Roaming\YZDJNXU.exe ==== ATTENTION
BootExecute: autocheck autochk *
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpts=1420547106from=ilduid=ST380811AS_3PT02WB0XXXX3PT02WB0
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1420547106from=ilduid=ST380811AS_3PT02WB0XXXX3PT02WB0q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpts=1420547106from=ilduid=ST380811AS_3PT02WB0XXXX3PT02WB0
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1420547106from=ilduid=ST380811AS_3PT02WB0XXXX3PT02WB0q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
S2 5936b827; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.20\OptProMon.dll",ENT
S3 esgiguard; \\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2015-01-06 14:38 - 2015-01-06 14:38 - 00247851 _____ () C:\spyhunter.log
2015-01-06 13:38 - 2015-01-06 13:39 - 00032363 _____ () C:\sh4_service.log
2015-01-06 13:36 - 2013-10-18 15:01 - 00008192 _____ () C:\shldr.mbr
2015-01-06 13:27 - 2015-01-06 13:27 - 00003252 _____ () C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule
2015-01-06 13:26 - 2015-01-10 12:57 - 00000000 ____ D () C:\Program Files (x86)\Optimizer Pro 3.20
2015-01-06 13:26 - 2015-01-06 14:37 - 00000000 ____ D () C:\Program Files (x86)\XTab
2015-01-06 13:23 - 2015-01-12 13:10 - 00002466 _____ () C:\WINDOWS\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-5_user.job
2015-01-06 13:23 - 2015-01-12 13:10 - 00002466 _____ () C:\WINDOWS\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-5.job
2015-01-06 13:23 - 2015-01-12 13:10 - 00002130 _____ () C:\WINDOWS\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-2.job
2015-01-06 13:23 - 2015-01-06 13:23 - 00005470 _____ () C:\WINDOWS\System32\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-5
2015-01-06 13:23 - 2015-01-06 13:23 - 00005134 _____ () C:\WINDOWS\System32\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-2
2015-01-06 13:22 - 2015-01-12 13:10 - 00005538 _____ () C:\WINDOWS\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-6.job
2015-01-06 13:22 - 2015-01-12 13:10 - 00005202 _____ () C:\WINDOWS\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-7.job
2015-01-06 13:22 - 2015-01-12 13:10 - 00003152 _____ () C:\WINDOWS\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-1.job
2015-01-06 13:22 - 2015-01-12 13:10 - 00001354 _____ () C:\WINDOWS\Tasks\HRWOUO.job
2015-01-06 13:22 - 2015-01-10 12:57 - 00000000 ____ D () C:\Program Files (x86)\de5200c7-67ee-43be-b993-a1ada713c5e4
2015-01-06 13:22 - 2015-01-06 13:22 - 00008542 _____ () C:\WINDOWS\System32\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-6
2015-01-06 13:22 - 2015-01-06 13:22 - 00008206 _____ () C:\WINDOWS\System32\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-7
2015-01-06 13:22 - 2015-01-06 13:22 - 00006156 _____ () C:\WINDOWS\System32\Tasks\0dd75257-e832-4244-a21b-66bb5e213fb3-1
2015-01-06 13:22 - 2015-01-06 13:22 - 00004360 _____ () C:\WINDOWS\System32\Tasks\HRWOUO
2015-01-06 10:51 - 2015-01-06 10:51 - 00000000 ____ D () C:\Program Files (x86)\Enigma Software Group
2015-01-06 10:50 - 2015-01-12 13:07 - 00000000 ____ D () C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP
2015-01-05 21:40 - 2015-01-12 13:10 - 00001700 _____ () C:\WINDOWS\Tasks\YZDJNXU.job
2015-01-05 21:40 - 2015-01-05 21:49 - 00004706 _____ () C:\WINDOWS\System32\Tasks\YZDJNXU
2015-01-05 21:37 - 2015-01-12 13:10 - 00001700 _____ () C:\WINDOWS\Tasks\TBOUAKE.job
2015-01-05 21:37 - 2015-01-05 21:38 - 00004706 _____ () C:\WINDOWS\System32\Tasks\TBOUAKE
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.