Sluggish XP + browsers run slowly


(Pawel Bulak) #1

Please help, here are the OTL logs:

http://wklej.org/id/1604532/   otl.txt

http://wklej.org/id/1604535/   extras

Regards and thank you

Pawel


(Acorus) #2

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ matching your system version (32-bit).

Run FRST and click Scan. Post the FRST and Addition reports.


(Pawel Bulak) #3

Here are the FRST logs: http://wklej.org/id/1604873/ and Addition: http://wklej.org/id/1604872/


(Acorus) #4

Open the system Notepad and paste:

Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job = C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job = C:\WINDOWS\system32\xp_eos.exe
HKLM\...\Run: [Adobe ARM] = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] = C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-73586283-583907252-725345543-1003\...\MountPoints2: {0fc34633-072e-11df-95a5-000802531cf6} - E:\qkm.exe
HKU\S-1-5-21-73586283-583907252-725345543-1003\...\MountPoints2: {2895aef4-608b-11de-94be-000802531cf6} - E:\8paf1d.com
HKU\S-1-5-21-73586283-583907252-725345543-1003\...\MountPoints2: {caa32694-8eda-11dd-93c5-000802531cf6} - E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
HKU\S-1-5-21-73586283-583907252-725345543-1003\...\MountPoints2: {eb473fc3-b7bd-11dd-93f2-000802531cf6} - E:\xih9.cmd
HKU\S-1-5-21-73586283-583907252-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-73586283-583907252-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?tpid=ORJ-SPEo=APN11412pf=V7trgb=CRp2=%5EBBK%5EOSJ000%5EYY%5EPLgct=hpapn_ptnrs=BBKapn_dtid=%5EOSJ000%5EYY%5EPLapn_dbr=cr_36.0.1985.125apn_uid=5A6C5475-1FCA-4B29-BC13-9A97299E5C38itbv=12.15.1.20doi=2014-07-22psv=pt=tb
URLSearchHook: HKU\S-1-5-21-73586283-583907252-725345543-1003 - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
SearchScopes: HKU\S-1-5-21-73586283-583907252-725345543-1003 - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://www.search.ask.com/web?tpid=ORJ-SPEo=APN11412pf=V7p2=^BBK^OSJ000^YY^PLgct=sbitbv=12.15.1.20apn_uid=5A6C5475-1FCA-4B29-BC13-9A97299E5C38apn_ptnrs=BBKapn_dtid=^OSJ000^YY^PLapn_dbr=cr_36.0.1985.125doi=2014-07-22trgb=CRq={searchTerms}psv=pt=tb
SearchScopes: HKU\S-1-5-21-73586283-583907252-725345543-1003 - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://www.search.ask.com/web?tpid=ORJ-SPEo=APN11412pf=V7p2=^BBK^OSJ000^YY^PLgct=sbitbv=12.15.1.20apn_uid=5A6C5475-1FCA-4B29-BC13-9A97299E5C38apn_ptnrs=BBKapn_dtid=^OSJ000^YY^PLapn_dbr=cr_36.0.1985.125doi=2014-07-22trgb=CRq={searchTerms}psv=pt=tb
Toolbar: HKU\S-1-5-21-73586283-583907252-725345543-1003 - No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
CHR StartupUrls: Default - "hxxp://www.search.ask.com/?tpid=ORJ-SPEo=APN11412pf=V7trgb=CRp2=%5EBBK%5EOSJ000%5EYY%5EPLgct=hpapn_ptnrs=BBKapn_dtid=%5EOSJ000%5EYY%5EPLapn_dbr=cr_36.0.1985.125apn_uid=5A6C5475-1FCA-4B29-BC13-9A97299E5C38itbv=12.15.1.20doi=2014-07-22psv=pt=tb"
CHR Extension: (Ask Search) - C:\Documents and Settings\d5s\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aaaaahlfahldnilidgnlikdckbfehhca [2014-10-24]
CHR HKLM\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - No Path
S1 eamon; system32\DRIVERS\eamon.sys [X]
S3 RT73; System32\DRIVERS\rt73.sys [X]
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.

Scan with Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.4.1028.exe