Run OTL and paste the following into the Custom Scans/Fixes box:
:OTL
[2015/01/30 21:22:00 | 000,000,356 | ---- | M] () -- C:\windows\tasks\AmiUpdXp.job
[2015/01/28 18:42:12 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\eCyber
O2 - BHO: (flash-Enhancer) - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files\AmiExt\flashEnhancer\ie\flashEnhancer.dll ()
[2014/02/15 11:30:13 | 000,000,000 | ---D | M] (flash-Enhancer) -- C:\PROGRAM FILES\AMIEXT\FLASHENHANCER\FF
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found
[2014/12/04 19:13:35 | 000,019,984 | ---- | C] () -- C:\windows\System32\drivers\EsgScanner.sys
[2015/01/17 11:45:49 | 000,044,712 | ---- | C] (Elex do Brasil cenzura!çþes Ltda) -- C:\windows\System32\drivers\iSafeNetFilter.sys
[2015/01/17 11:45:49 | 000,040,744 | ---- | C] (Elex do Brasil cenzura!çþes Ltda) -- C:\windows\System32\drivers\iSafeKrnlBoot.sys
[2015/01/17 11:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\Elex-tech
[2015/01/17 11:44:41 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\Elex-tech
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@flashenhancer.com: C:\Program Files\AmiExt\flashEnhancer\ff [2014/02/15 11:30:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaViewV1alpha242.net: C:\Program Files\MediaViewV1\MediaViewV1alpha242\ff
DRV - [2014/12/04 19:13:35 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\xhunter1.sys -- (xhunter1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva413.sys -- (XDva413)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva410.sys -- (XDva410)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva409.sys -- (XDva409)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva406.sys -- (XDva406)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva405.sys -- (XDva405)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\vtany.sys -- (vtany)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\{065e143d-1902-481f-8881-fe1a7a86fdd7}w.sys -- ({065e143d-1902-481f-8881-fe1a7a86fdd7}w)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\{03d08387-c95c-46e0-b2f8-4cd0ed929279}w.sys -- ({03d08387-c95c-46e0-b2f8-4cd0ed929279}w)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\{015ea39c-68f5-4e31-82f0-5fced1163b9e}w.sys -- ({015ea39c-68f5-4e31-82f0-5fced1163b9e}w)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\{01531192-f7ef-415f-a549-cfdb11836731}w.sys -- ({01531192-f7ef-415f-a549-cfdb11836731}w)
DRV - [2015/01/15 07:51:14 | 000,215,336 | ---- | M] (Elex do Brasil cenzura!çþes Ltda) [File_System | System | Running] -- C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys -- (iSafeKrnl)
DRV - [2015/01/15 07:51:14 | 000,083,112 | ---- | M] (Elex do Brasil cenzura!çþes Ltda) [Kernel | System | Running] -- C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys -- (iSafeKrnlKit)
DRV - [2015/01/15 07:51:14 | 000,034,856 | ---- | M] (Elex do Brasil cenzura!çþes Ltda) [File_System | System | Running] -- C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys -- (iSafeKrnlMon)
DRV - [2015/01/15 07:51:12 | 000,040,744 | ---- | M] (Elex do Brasil cenzura!çþes Ltda) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iSafeKrnlBoot.sys -- (iSafeKrnlBoot)
DRV - [2015/01/15 07:50:58 | 000,063,400 | ---- | M] (Elex do Brasil cenzura!çþes Ltda) [Kernel | System | Running] -- C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys -- (iSafeKrnlR3)
DRV - [2015/01/03 09:56:26 | 000,044,712 | ---- | M] (Elex do Brasil cenzura!çþes Ltda) [Kernel | System | Running] -- C:\Windows\System32\drivers\iSafeNetFilter.sys -- (iSafeNetFilter)
SRV - [2014/04/11 03:05:52 | 000,705,136 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginService\PluginService.exe -- (IePluginService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\WinZipper\winzipersvc.exe -- (winzipersvc)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Surftastic\bin\utilSurftastic.exe -- (Util Surftastic)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Surftastic\updateSurftastic.exe -- (Update Surftastic)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
MOD - [2015/01/15 07:43:55 | 000,065,696 | ---- | M] () -- C:\Program Files\Elex-tech\YAC\zlib1.dll
MOD - [2015/01/15 07:43:37 | 000,185,656 | ---- | M] () -- C:\Program Files\Elex-tech\YAC\libpng.dll
:Files
C:\ProgramData\IePluginService
C:\Users\wangzhisong
C:\Program Files\Mobogenie
C:\Program Files\AmiExt
C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbealecnakbhfoeeipcnoboempfkbjd
C:\Program Files\MediaViewV1
:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
:Commands
[emptytemp]
Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again and this time click Run Scan.
Post the new OTL.txt log and the report from the script removal.
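
A pre-run review helper for the fix script in this post, as an added example (not part of the original post and not OTL's own code): it splits the script at its `:OTL`, `:Files`, `:Reg` and `:Commands` headers and lists which registry keys the `:Reg` section deletes and which values it writes. It assumes the `:Reg` section follows .reg-file conventions, where `[-KEY]` deletes a key; the function names are hypothetical and the sample is a shortened excerpt of the script above.

```python
import re

# Shortened excerpt of the fix script from this post (lines copied, not invented).
SAMPLE = r'''
:OTL
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\xhunter1.sys -- (xhunter1)
:Files
C:\ProgramData\IePluginService
C:\Program Files\AmiExt
:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
:Commands
[emptytemp]
'''

def split_sections(script):
    """Group script lines under their ':Section' header, preserving order."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.fullmatch(r":[A-Za-z]+", line):      # e.g. ":Files"
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def review_reg(lines):
    """Return (deleted_keys, value_writes) for a :Reg section."""
    deleted, writes, key = [], [], None
    for line in lines:
        header = re.fullmatch(r"\[(-?)(.+)\]", line)
        if header:
            if header.group(1):                    # "[-KEY]" removes the whole key
                deleted.append(header.group(2))
                key = None
            else:                                  # "[KEY]" opens a key for writes
                key = header.group(2)
            continue
        value = re.fullmatch(r'"([^"]+)"="(.*)"', line)
        if value and key:
            writes.append((key, value.group(1), value.group(2)))
    return deleted, writes
```
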