Content added by Kolobos

  1. Kolobos

    Police virus

    Do not use ComboFix! Uninstall: Spybot - Search & Destroy 2. Change the DNS servers to 8.8.8.8 and 8.8.4.4. Provide the FRST logs: http://www.fixitpc.pl/topic/61-diagnostyka-ogólne-raporty-systemowe/#entry119294 Paste them on wklej.org and post the links.
  2. Uninstall: Java™ 6 Update 24 (64-bit). Install: http://ninite.com/java/ Delete the C:\FRST folder and that is all.
  3. Also provide addition.txt from FRST. Next to frst.exe, create a file fixlist.txt with the following content:
     SearchScopes: HKCU - {82A4A240-2E68-4D74-9063-D4349C71ABFE} URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=137b9591-1270-4e22-a544-73ba61a7b619&apn_sauid=939B07E9-35D0-43A5-8514-DC5C3880EA67
     BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
     BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
     Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
     Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
     FF SearchEngineOrder.1: Ask.com
     S3 catchme; \??\C:\ComboFix\catchme.sys [X]
     2014-08-25 15:19 - 2014-08-25 15:22 - 00000000 ____D () C:\AdwCleaner
     2014-08-24 21:58 - 2014-08-24 21:58 - 00027770 _____ () C:\ComboFix.txt
     2014-08-24 21:30 - 2014-08-24 20:24 - 05572212 ____R (Swearware) C:\ComboFix.exe
     2014-08-24 20:58 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
     2014-08-24 20:58 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
     2014-08-24 20:58 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
     2014-08-24 20:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
     2014-08-24 20:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
     2014-08-24 20:58 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
     2014-08-24 20:58 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
     2014-08-24 20:58 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
     2014-08-24 20:57 - 2014-08-24 21:58 - 00000000 ____D () C:\Qoobox
     In FRST choose Fix.
  4. Who told you to use ComboFix? Use AdwCleaner, the Scan and Clean (Szukaj and Usun) options: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner Provide the FRST logs: http://www.fixitpc.pl/topic/61-diagnostyka-ogólne-raporty-systemowe/#entry119294 Paste them on wklej.org and post the links. Run a full scan with MBAM: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
  5. What remains is flashing the BIOS with a hardware programmer.
  6. A sensor error, or the program does not support it. I do not see how this relates to the subject of this section?
  7. Uninstall: BrowseSmart aartemis Browser Protecter Bonanza Deals (remove only) fst_pl_107 IePluginService12.27.0.3326 Mobogenie Plus-HD-9.1 Quiknowledge SupTab WinZipper Lollipop Use AdwCleaner, the Scan and Clean (Szukaj and Usun) options: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner Provide the FRST logs: http://www.fixitpc.pl/topic/61-diagnostyka-ogólne-raporty-systemowe/#entry119294 Run a full scan with MBAM: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
  8. Next to FRST, create a file fixlist.txt with the following content:
     SearchScopes: HKLM - DefaultScope value is missing.
     FF NewTab: chrome://quick_start/content/index.html
     S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
     2014-05-27 16:00 - 2014-05-27 16:09 - 00000000 ____D () C:\AdwCleaner
     2014-05-27 15:52 - 2014-05-27 15:52 - 00000000 ____D () C:\_OTL
     In FRST choose Fix and that is all.
  9. ComboFix is recommended by people who know too little to deal with an infection; they use ComboFix thinking it is just another antivirus/anti-malware scanner, and it is not. I recommend typing into Google: why not to use ComboFix.
  10. Run this script in OTL:
     :OTL
     PRC - [2014-05-01 18:10:32 | 000,566,272 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\WPM\wprotectmanager.exe
     PRC - [2014-04-11 04:05:52 | 000,705,136 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginService\PluginService.exe
     PRC - [2011-07-21 13:44:08 | 020,237,824 | ---- | M] () -- C:\Users\Hormon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sfBot.exe
     SRV - [2014-05-01 18:10:32 | 000,566,272 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\WPM\wprotectmanager.exe -- (Wpm)
     SRV - [2014-04-11 04:05:52 | 000,705,136 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginService\PluginService.exe -- (IePluginService)
     SRV - [2014-03-04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
     IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1398960574&from=smt&uid=ST3500418AS_5VM39W49XXXX5VM39W49&q={searchTerms}
     IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1398960574&from=smt&uid=ST3500418AS_5VM39W49XXXX5VM39W49&q={searchTerms}
     IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
     IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.qone8.com/web/?type=ds&ts=1398960574&from=smt&uid=ST3500418AS_5VM39W49XXXX5VM39W49&q={searchTerms}
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1398960574&from=smt&uid=ST3500418AS_5VM39W49XXXX5VM39W49&q={searchTerms}
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1398960574&from=smt&uid=ST3500418AS_5VM39W49XXXX5VM39W49&q={searchTerms}
     IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
     IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.qone8.com/web/?type=ds&ts=1398960574&from=smt&uid=ST3500418AS_5VM39W49XXXX5VM39W49&q={searchTerms}
     IE - HKU\S-1-5-21-2065270572-1465547705-2699293322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1398960574&from=smt&uid=ST3500418AS_5VM39W49XXXX5VM39W49
     IE - HKU\S-1-5-21-2065270572-1465547705-2699293322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1398960574&from=smt&uid=ST3500418AS_5VM39W49XXXX5VM39W49
     IE - HKU\S-1-5-21-2065270572-1465547705-2699293322-1000\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
     IE - HKU\S-1-5-21-2065270572-1465547705-2699293322-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.qone8.com/web/?type=ds&ts=1398960574&from=smt&uid=ST3500418AS_5VM39W49XXXX5VM39W49&q={searchTerms}
     FF - prefs.js..browser.startup.homepage: "http://start.qone8.com/?type=hppp&ts=1400042024&from=smt&uid=ST3500418AS_5VM39W49XXXX5VM39W49"
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quick_start@gmail.com: C:\Users\Hormon\AppData\Roaming\Mozilla\Firefox\Profiles\vmj6eb2x.default\extensions\quick_start@gmail.com
     O2 - BHO: (no name) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - No CLSID value found.
     O4 - HKU\S-1-5-21-2065270572-1465547705-2699293322-1000..\Run: [Fatal1tySTU] File not found
     O4 - HKU\.DEFAULT..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
     O4 - HKU\S-1-5-18..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
     O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
     O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
     O4 - HKU\S-1-5-21-2065270572-1465547705-2699293322-1000..\RunOnce: [AsrOMG_Day0] Reg Error: Invalid data type. File not found
     O4 - HKU\S-1-5-21-2065270572-1465547705-2699293322-1000..\RunOnce: [AsrOMG_Day1] Reg Error: Invalid data type. File not found
     O4 - HKU\S-1-5-21-2065270572-1465547705-2699293322-1000..\RunOnce: [AsrOMG_Day2] Reg Error: Invalid data type. File not found
     O4 - HKU\S-1-5-21-2065270572-1465547705-2699293322-1000..\RunOnce: [AsrOMG_Day3] Reg Error: Invalid data type. File not found
     O4 - HKU\S-1-5-21-2065270572-1465547705-2699293322-1000..\RunOnce: [AsrOMG_Day4] Reg Error: Invalid data type. File not found
     O4 - HKU\S-1-5-21-2065270572-1465547705-2699293322-1000..\RunOnce: [AsrOMG_Day5] Reg Error: Invalid data type. File not found
     O4 - HKU\S-1-5-21-2065270572-1465547705-2699293322-1000..\RunOnce: [AsrOMG_Day6] Reg Error: Invalid data type. File not found
     O4 - Startup: C:\Users\Hormon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sfBot.exe ()
     [2014-05-01 18:09:48 | 000,000,000 | ---D | M] -- C:\Users\Hormon\AppData\Roaming\qone8
     [2014-04-30 13:50:22 | 000,000,000 | ---D | M] -- C:\Users\Hormon\AppData\Roaming\SFBot
     [2014-05-01 18:10:39 | 000,000,000 | ---D | M] -- C:\Users\Hormon\AppData\Roaming\SupTab
     :Commands
     [emptytemp]
     Use AdwCleaner, the Scan and Clean (Szukaj and Usun) options: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner Provide the FRST logs: http://www.fixitpc.pl/topic/61-diagnostyka-ogólne-raporty-systemowe/#entry119294 Paste them on wklej.org and post the links. Run a full scan with MBAM: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
  11. Uninstall: Bundled software uninstaller McAfee Security Scan Plus Your Software Deals 1.0.0 Use AdwCleaner, the Scan and Clean (Szukaj and Usun) options: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner Run this script in OTL:
     :OTL
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD5000AAKX-75U6AA0_WD-WMC2E298007280072&ts=1362937668
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.22find.com/newtab?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD5000AAKX-75U6AA0_WD-WMC2E298007280072&ts=1362937668
     IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchab.com/?aff=7&uid=34aa686a-2dc1-11e2-be6b-902b34ba8b66&q={searchTerms}
     IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&affID=119816&tt=gc_&babsrc=SP_ss&mntrId=6C71647002221354
     IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.freemake.com/search.php?query={searchTerms}&category=web&exp=1
     IE - HKCU\..\SearchScopes\{D18F54D3-6852-4CE5-B40C-D48D2C0BEDCE}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^PL&apn_uid=24F5276F-B24C-4E91-B797-9F3D0D8DABFE&apn_sauid=5500A7EB-415C-4ADA-BCF9-4E085387160B
     IE - HKCU\..\SearchScopes\Freemake: "URL" = http://search.22find.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD5000AAKX-75U6AA0_WD-WMC2E298007280072&ts=1362937669
     FF - prefs.js..browser.search.defaultengine: "Ask.com"
     [2014-05-24 09:42:47 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\qb8xuywg.default\extensions\abs@avira.com
     [2013-05-19 21:34:04 | 000,002,308 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qb8xuywg.default\searchplugins\askcom.xml
     [2014-05-24 09:42:47 | 000,000,971 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qb8xuywg.default\searchplugins\avira-safesearch.xml
     [2013-05-21 14:15:32 | 000,006,505 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qb8xuywg.default\searchplugins\babylon.xml
     [2013-05-21 14:15:54 | 000,001,294 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qb8xuywg.default\searchplugins\delta.xml
     [2013-04-02 16:41:54 | 000,000,881 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qb8xuywg.default\searchplugins\freemake.xml
     CHR - Extension: PrivitizeBar = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepfenndjoibhgfopdfkohmnbdmpgapk\10.26.9.505_0\
     CHR - Extension: PrivitizeBar = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepfenndjoibhgfopdfkohmnbdmpgapk\10.26.9.505_0\nativeMessaging\nmHost
     O4 - HKLM..\Run: [MSys32] "C:\Program Files (x86)\Tetris 4000\morfitwebentrance.exe" File not found
     O4 - HKCU..\Run: [ALLUpdate] "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep" File not found
     O4 - HKCU..\Run: [NextLive] C:\Users\User\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
     Run a full scan with MBAM: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
  12. Do not use ComboFix! Use AdwCleaner, the Scan and Clean (Szukaj and Usun) options: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner Provide the FRST logs: http://www.fixitpc.pl/topic/61-diagnostyka-ogólne-raporty-systemowe/#entry119294 Paste them on wklej.org and post the links. Run a full scan with MBAM: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
  13. Uninstall: DAEMON Tools Toolbar. The log looks OK.
  14. Your router is infected: change the router password, set the correct DNS servers, and disable the ability to log in to the admin panel from the internet. If the problems continue, flash the latest firmware.
  15. Connect it to another computer without the adapter and check whether the disk works.
  16. Be careful what you download and from where! During installation, decline the installation of additional harmful programs. Download programs from the vendors' websites. Always choose the advanced installation. Then you will avoid what can be seen below. Uninstall: BrowseSmart Google Toolbar for Internet Explorer Bing Bar Ask Toolbar aartemis Browser Protecter Bonanza Deals (remove only) IePluginService12.27.0.332 Mobogenie RegClean Pro SupTab WinZipper SaveSense Skype Packages VuuPC Packages"SaveSense" = SaveSense Use AdwCleaner, the Scan and Clean (Szukaj and Usun) options: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner Run this script in OTL:
     :OTL
     PRC - [2014-04-04 11:22:32 | 000,350,496 | ---- | M] () -- C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe
     PRC - [2014-04-04 11:19:22 | 000,350,496 | ---- | M] () -- C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe
     PRC - [2014-04-01 21:08:12 | 000,094,496 | ---- | M] () -- C:\Program Files (x86)\BrowseSmart\bin\XTLSApp.exe
     PRC - [2014-02-26 15:29:24 | 000,425,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) -- C:\Program Files (x86)\WinZipper\winzipersvc.exe
     PRC - [2014-02-26 10:30:22 | 000,501,904 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\WPM\wprotectmanager.exe
     PRC - [2014-02-26 08:44:20 | 000,508,016 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginService\PluginService.exe
     PRC - [2014-02-14 03:42:08 | 000,166,352 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
     PRC - [2014-02-14 03:41:47 | 001,758,160 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
     PRC - [2013-12-13 09:40:31 | 000,761,024 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
     SRV - [2014-04-04 11:22:32 | 000,350,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe -- (Util BrowseSmart)
     SRV - [2014-04-04 11:19:22 | 000,350,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe -- (Update BrowseSmart)
     SRV - [2014-02-26 15:29:24 | 000,425,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) [Auto | Running] -- C:\Program Files (x86)\WinZipper\winzipersvc.exe -- (winzipersvc)
     SRV - [2014-02-26 10:30:22 | 000,501,904 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\WPM\wprotectmanager.exe -- (Wpm)
     SRV - [2014-02-26 08:44:20 | 000,508,016 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginService\PluginService.exe -- (IePluginService)
     SRV - [2014-02-14 03:42:08 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
     SRV - [2014-01-31 15:16:25 | 000,146,920 | ---- | M] (SaveSense) [On_Demand | Stopped] -- C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe -- (savesenselivem)
     SRV - [2014-01-31 15:16:25 | 000,146,920 | ---- | M] (SaveSense) [Auto | Stopped] -- C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe -- (savesenselive)
     SRV - [2013-12-24 11:17:21 | 000,148,976 | ---- | M] (BonanzaDeals) [On_Demand | Stopped] -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslivem)
     SRV - [2013-12-24 11:17:21 | 000,148,976 | ---- | M] (BonanzaDeals) [Auto | Stopped] -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslive)
     DRV:64bit: - [2014-03-18 16:23:37 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\wStLib64.sys -- (wStLib64)
     IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=ST1000LM024XHN-M101MBB_S314J90DA80066A80066&ts=1393421313
     IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1387876647&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90DA80066A80066&q={searchTerms}
     IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1387876647&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90DA80066A80066&q={searchTerms}
     IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=ST1000LM024XHN-M101MBB_S314J90DA80066A80066&ts=1393421313
     IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
     IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.aartemis.com/web/?type=ds&ts=1387876647&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90DA80066A80066&q={searchTerms}
     IE:64bit: - HKLM\..\SearchScopes\{8D3EA39B-9D08-4834-8545-FFDDCFEBC5F2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=ST1000LM024XHN-M101MBB_S314J90DA80066A80066&ts=1393421313
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1387876647&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90DA80066A80066&q={searchTerms}
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1387876647&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90DA80066A80066&q={searchTerms}
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=ST1000LM024XHN-M101MBB_S314J90DA80066A80066&ts=1393421313
     IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
     IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.aartemis.com/web/?type=ds&ts=1387876647&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90DA80066A80066&q={searchTerms}
     IE - HKLM\..\SearchScopes\{8D3EA39B-9D08-4834-8545-FFDDCFEBC5F2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
     IE - HKU\S-1-5-21-3264365029-3392624113-2209895587-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=ST1000LM024XHN-M101MBB_S314J90DA80066A80066&ts=1393421313
     IE - HKU\S-1-5-21-3264365029-3392624113-2209895587-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST1000LM024XHN-M101MBB_S314J90DA80066A80066&ts=1393421313&type=default&q={searchTerms}
     IE - HKU\S-1-5-21-3264365029-3392624113-2209895587-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST1000LM024XHN-M101MBB_S314J90DA80066A80066&ts=1393421313&type=default&q={searchTerms}
     IE - HKU\S-1-5-21-3264365029-3392624113-2209895587-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=ST1000LM024XHN-M101MBB_S314J90DA80066A80066&ts=1393421313
     IE - HKU\S-1-5-21-3264365029-3392624113-2209895587-1001\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
     IE - HKU\S-1-5-21-3264365029-3392624113-2209895587-1001\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST1000LM024XHN-M101MBB_S314J90DA80066A80066&ts=1393421313&type=default&q={searchTerms}
     IE - HKU\S-1-5-21-3264365029-3392624113-2209895587-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     FF - HKLM\Software\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3: C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
     FF - HKLM\Software\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9: C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
     FF - HKLM\Software\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3: C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
     FF - HKLM\Software\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9: C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
     CHR - default_search_provider: delta-homes (Enabled)
     CHR - default_search_provider: search_url = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST1000LM024XHN-M101MBB_S314J90DA80066A80066&ts=1393421313&type=default&q={searchTerms}
     CHR - default_search_provider: suggest_url = ,
     CHR - homepage: http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=ST1000LM024XHN-M101MBB_S314J90DA80066A80066&ts=1393421313
     CHR - Extension: Extended Protection = C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo\1.4.1_2\
     CHR - Extension: Ask Toolbar = C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljcgbedjplidkdjahbaalanadmjfgop\32.3_0\
     O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
     O2 - BHO: (SaveSense) - {71e129ff-6c2a-4984-818c-7e2c998b8d99} - C:\Users\laptop\AppData\Local\SaveSense\SaveSenseIE.dll (SaveSense)
     O2 - BHO: (BonanzaDeals) - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
     O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
     O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
     O4 - HKLM..\Run: [] File not found
     O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
     O4 - HKLM..\Run: [fst_pl_14] File not found
     O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
     [2014-04-06 15:01:07 | 000,001,368 | ---- | M] () -- C:\Users\laptop\Desktop\Wyczyść rejestr za darmo!.lnk
     [2014-04-06 15:01:00 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
     [2014-04-06 14:16:00 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\SaveSense.job
     [2014-04-06 12:22:02 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
     [2014-04-06 12:21:01 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\SaveSenseLiveUpdateTaskMachineUA.job
     [2014-04-06 12:01:11 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\SaveSenseLiveUpdateTaskMachineCore.job
     [2014-04-06 12:01:11 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
     [2014-03-18 16:23:37 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\wStLib64.sys
     [2013-12-24 11:18:32 | 000,000,000 | ---D | M] -- C:\Users\laptop\AppData\Roaming\0C1I1L1R1J0M1P0I1G
     [2014-01-31 15:16:32 | 000,000,000 | ---D | M] -- C:\Users\laptop\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
     [2013-12-24 11:17:35 | 000,000,000 | ---D | M] -- C:\Users\laptop\AppData\Roaming\aartemis
     [2014-02-15 22:51:08 | 000,000,000 | ---D | M] -- C:\Users\laptop\AppData\Roaming\newnext.me
     [2014-01-31 15:16:23 | 000,000,000 | ---D | M] -- C:\Users\laptop\AppData\Roaming\SaveSense
     [2014-02-26 15:29:17 | 000,000,000 | ---D | M] -- C:\Users\laptop\AppData\Roaming\SupTab
     [2013-12-24 11:16:03 | 000,000,000 | ---D | M] -- C:\Users\laptop\AppData\Roaming\systweak
     [2014-03-10 15:33:10 | 000,000,000 | ---D | M] -- C:\Users\laptop\AppData\Roaming\WinZipper
     Run a full scan with MBAM: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ Provide both FRST logs: http://www.fixitpc.pl/topic/61-diagnostyka-ogólne-raporty-systemowe/#entry119294 (on wklej.org, and post the links)
  17. Did the problem appear after the infection or before it? Uninstall: EPSI Toolbar (HKLM\...\EPSIBar) (Version: - ) Java™ 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle) Securita Scout (HKLM\...\Securita Scout) (Version: - ) Install http://ninite.com/java/ Next to Frst.exe, create a file fixlist.txt with the following content:
     HKU\S-1-5-21-606747145-796845957-1644491937-1004\...\Run: [Adobe] => wscript "C:\Documents and Settings\Wojciech\Dane aplikacji\Adobe\Flash Player\BrowserCache\IDMcache.vbs" "C:\Documents and Settings\Wojciech\Dane aplikacji\Adobe\Flash Player\BrowserCache\IDMcache.bat"
     IFEO\bpsvc.exe: [Debugger] tasklist.exe
     IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
     IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
     IFEO\protectedsearch.exe: [Debugger] tasklist.exe
     IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
     IFEO\searchprotection.exe: [Debugger] tasklist.exe
     IFEO\searchprotector.exe: [Debugger] tasklist.exe
     IFEO\snapdo.exe: [Debugger] tasklist.exe
     IFEO\stinst32.exe: [Debugger] tasklist.exe
     IFEO\stinst64.exe: [Debugger] tasklist.exe
     IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
     Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\EPSI ToolBar.lnk
     ShortcutTarget: EPSI ToolBar.lnk -> C:\Saab (No File)
     SearchScopes: HKLM - DefaultScope value is missing.
     SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
     CHR HomePage: hxxp://www.default-search.net?sid=476&aid=113&itype=n&ver=11471&tm=291&src=hmp
     CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Wojciech\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll No File
     CHR HKLM\...\Chrome\Extension: [aaaaoggiphohkihibdkcnhnokmkfmhnj] - C:\Documents and Settings\Wojciech\Ustawienia lokalne\Dane aplikacji\APN\GoogleCRXs\aaaaoggiphohkihibdkcnhnokmkfmhnj_7.13.2.0.crx [2011-12-18]
     S2 bupService; C:\Documents and Settings\Wojciech\Dane aplikacji\BupSystem\bup.exe [X]
     S3 FilterService; system32\DRIVERS\lvuvcflt.sys [X]
     S3 LVcKap; system32\DRIVERS\LVcKap.sys [X]
     S3 LVMVDrv; system32\DRIVERS\LVMVDrv.sys [X]
     S3 lvpopflt; system32\DRIVERS\lvpopflt.sys [X]
     S3 LVPr2Mon; system32\drivers\LVPr2Mon.sys [X]
     S3 lvselsus; system32\DRIVERS\lvselsus.sys [X]
     S3 LVUVC; system32\DRIVERS\lvuvc.sys [X]
     S3 NDSPCIIO; \??\C:\WINDOWS\system32\DRIVERS\NDSPCIIO.SYS [X]
     2014-04-19 22:17 - 2013-09-17 23:00 - 00000000 ____D () C:\AdwCleaner
     In FRST choose Fix. Run a full scan with MBAM: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ and http://ftp.drweb.com/pub/drweb/cureit/launch.exe Use http://www.bleepingcomputer.com/download/tfc/
  18. Provide both FRST logs: http://www.fixitpc.pl/topic/61-diagnostyka-ogólne-raporty-systemowe/#entry119294 Paste both on wklej.org and post the links. Turn off Windows Update, together with its service. Does it connect over Wi-Fi or by cable?
  19. In that case, why don't you download them from the LG website? The first link from Google: http://www.lg.com/uk/support-product/lg-W1942S
  20. Read the name of the section you posted in and its description, and then think hard about what you wrote: "this one fit best".
  21. Uninstall: Java™ 6 Update 22 (64-bit) ESET Online Scanner v3 Install http://ninite.com/java/ Run this script in OTL:
     :OTL
     IE - HKU\S-1-5-21-1124830667-4079237590-2397811578-1001\..\SearchScopes\{839C3954-C39B-40FA-8C0D-0DC198A408BF}: "URL" = http://rover.ebay.com/rover/1/710-42480-16445-20/4?mpre=http://shop.ebay.co.uk/?_nkw={searchTerms}
     O2:64bit: - BHO: (no name) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No CLSID value found.
     O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
     O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
     O4 - HKU\S-1-5-21-1124830667-4079237590-2397811578-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
     O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
     O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
     O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
     O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
     O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
     O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
     O27:64bit: - HKLM IFEO\avcenter.exe: Debugger - euaie.exe File not found
     O27:64bit: - HKLM IFEO\avgnt.exe: Debugger - euaie.exe File not found
     O27:64bit: - HKLM IFEO\avguard.exe: Debugger - euaie.exe File not found
     O27:64bit: - HKLM IFEO\avp.exe: Debugger - euaie.exe File not found
     O27:64bit: - HKLM IFEO\bdagent.exe: Debugger - euaie.exe File not found
     O27:64bit: - HKLM IFEO\ccuac.exe: Debugger - euaie.exe File not found
     O27:64bit: - HKLM IFEO\ComboFix.exe: Debugger - euaie.exe File not found
     O27:64bit: - HKLM IFEO\egui.exe: Debugger - euaie.exe File not found
     O27:64bit: - HKLM IFEO\hijackthis.exe: Debugger - euaie.exe File not found
     O27:64bit: - HKLM IFEO\Installer.exe: Debugger - euaie.exe File not found
     O27:64bit: - HKLM IFEO\keyscrambler.exe: Debugger - euaie.exe File not found
     O27:64bit: - HKLM IFEO\mbam.exe: Debugger - euaie.exe File not found
     O27:64bit: - HKLM IFEO\MpCmdRun.exe: Debugger - euaie.exe File not found
     O27:64bit: - HKLM IFEO\MSASCui.exe: Debugger - euaie.exe File not found
     O27:64bit: - HKLM IFEO\MsMpEng.exe: Debugger - euaie.exe File not found
     O27:64bit: - HKLM IFEO\msseces.exe: Debugger - euaie.exe File not found
     O27:64bit: - HKLM IFEO\spybotsd.exe: Debugger - euaie.exe File not found
     O27:64bit: - HKLM IFEO\wireshark.exe: Debugger - euaie.exe File not found
     O27:64bit: - HKLM IFEO\zlclient.exe: Debugger - euaie.exe File not found
     O27 - HKLM IFEO\avcenter.exe: Debugger - euaie.exe File not found
     O27 - HKLM IFEO\avgnt.exe: Debugger - euaie.exe File not found
     O27 - HKLM IFEO\avguard.exe: Debugger - euaie.exe File not found
     O27 - HKLM IFEO\avp.exe: Debugger - euaie.exe File not found
     O27 - HKLM IFEO\bdagent.exe: Debugger - euaie.exe File not found
     O27 - HKLM IFEO\ccuac.exe: Debugger - euaie.exe File not found
     O27 - HKLM IFEO\ComboFix.exe: Debugger - euaie.exe File not found
     O27 - HKLM IFEO\egui.exe: Debugger - euaie.exe File not found
     O27 - HKLM IFEO\hijackthis.exe: Debugger - euaie.exe File not found
     O27 - HKLM IFEO\Installer.exe: Debugger - euaie.exe File not found
     O27 - HKLM IFEO\keyscrambler.exe: Debugger - euaie.exe File not found
     O27 - HKLM IFEO\mbam.exe: Debugger - euaie.exe File not found
     O27 - HKLM IFEO\MpCmdRun.exe: Debugger - euaie.exe File not found
     O27 - HKLM IFEO\MSASCui.exe: Debugger - euaie.exe File not found
     O27 - HKLM IFEO\MsMpEng.exe: Debugger - euaie.exe File not found
     O27 - HKLM IFEO\msseces.exe: Debugger - euaie.exe File not found
     O27 - HKLM IFEO\spybotsd.exe: Debugger - euaie.exe File not found
     O27 - HKLM IFEO\wireshark.exe: Debugger - euaie.exe File not found
     O27 - HKLM IFEO\zlclient.exe: Debugger - euaie.exe File not found
     Install any antivirus.