Nie widzę tu żadnej infekcji.
Są ślady sponsorskich śmieci, więc:
1) Uruchom
OTL i w oknie
Własne opcje skanowania/Skrypt wklej to:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva397.sys -- (XDva397)
DRV - File not found [Kernel | Unavailable | Unknown] -- C:\Documents and Settings\Admin\Pulpit\x86\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ewfiltertdidriver.sys -- (filtertdidriver)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a5ue0n6n)
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
[2010-09-11 17:58:50 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - No CLSID value found.
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (no name) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - No CLSID value found.
O2 - BHO: (Browse2save) - {E07BB0E6-9DDD-C837-8B4D-299CC4189F62} - C:\Documents and Settings\All Users\Dane aplikacji\Browse2save\5111299ac677b.dll ()
O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.
O2 - BHO: (DoownlOaD keeeper) - {F63A2939-7CB7-CDD8-737D-A278E8EA170D} - C:\Program Files\DoownlOaD keeeper\7G.dll ()
O3 - HKLM\..\Toolbar: (no name) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-287218729-725345543-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-287218729-725345543-1004\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKU\S-1-5-21-823518204-287218729-725345543-1008..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe File not found
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Admin\Menu Start\Programy\IMVU\Run IMVU.lnk File not found
O20 - Winlogon\Notify\avldr: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
[2013-12-09 16:38:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013-12-08 20:40:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013-12-07 14:00:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013-12-05 10:10:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012-08-23 20:43:07 | 000,384,844 | ---- | C] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\funmoods-speeddial.crx
[2012-08-23 20:42:46 | 000,031,465 | ---- | C] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\funmoods.crx
[2013-02-05 17:23:48 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Admin\Dane aplikacji\.#
[2013-11-14 14:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\32a63e348a65f2dd
[2013-02-05 17:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Browse2save
[2013-06-11 19:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\cconntinuetioSave
[2013-10-28 21:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DoownlOaD keeeper
[2013-11-14 14:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DownlOaad kEEepoer
[2013-10-28 21:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InstallMate
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"Backup.Old.DefaultScope"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
[HKEY_USERS\S-1-5-21-823518204-287218729-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes]
"Backup.Old.DefaultScope"=-
[-HKEY_USERS\S-1-5-21-823518204-287218729-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKEY_USERS\S-1-5-21-823518204-287218729-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{1A654F98-0392-3B06-D45F-6489E79D8625}]
[-HKEY_USERS\S-1-5-21-823518204-287218729-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}]
:Commands
[emptytemp]
Kliknij w
Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.
2) Użyj
Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Daj z tego raport.
3) Zrób nowy log z OTL.
MBRCheck_12.09.13_15.38.15.txt
