Analiza logów OTL - wolna praca komputera i problem z fejsem

roslina · 22 Czerwiec 2012 00:24

Logi z OTL:

http://wklej.org/id/777520/

skan z malware: http://wklej.org/id/777522/

Prosze o pomoc znawców

Gutek · 22 Czerwiec 2012 05:13

Daj logi z OTL, w Malwarebytes Anti-Malware na końcu skanowania nie wciśnięto Usuń zaznaczone

roslina · 22 Czerwiec 2012 06:56

http://wklej.org/id/777539/

http://wklej.org/id/777540/

Acorus · 22 Czerwiec 2012 07:58

Odinstaluj Browsers Protector,McAfee Security Scan Plus,vShare.tv plugin 1.3.Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

:OTL MOD - [2012/02/15 18:56:52 | 000,147,784 | ---- | M] () – C:\Program Files (x86)\Browsers Protector\regmon32.exe IE - HKLM…\SearchScopes{22E96259-20B2-4979-BDE5-BF5849705737}: “URL” = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0004002 IE - HKLM…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253 IE - HKLM…\SearchScopes{EEE6C360-6118-11DC-9C72-001320C79847}: “URL” = http://search.sweetim.com/search.asp?sr … 1010000&q={searchTerms}&barid={8AFB0109-52A2-11E1-B509-4CEDDE9B4ED7} IE - HKU\S-1-5-21-425697130-2423384976-1920107721-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=5c9fdb5d- … edde9b4ed7 IE - HKU\S-1-5-21-425697130-2423384976-1920107721-1001…\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found IE - HKU\S-1-5-21-425697130-2423384976-1920107721-1001…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://startsear.ch/?aff=1&q={searchTerms} IE - HKU\S-1-5-21-425697130-2423384976-1920107721-1001…\SearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: “URL” = http://search.babylon.com/?q={searchTerms}&AF=109217&babsrc=SP_ss&mntrId=8828e8f3000000000000b4749f51ee1e IE - HKU\S-1-5-21-425697130-2423384976-1920107721-1001…\SearchScopes{17A120D1-403B-4889-B4FD-6914AC8F33C6}: “URL” = http://websearch.ask.com/redirect?clien … src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=8R&apn_dtid=YYYYYYYYPL&apn_uid=967BA113-9CFB-4FEE-82E4-A88A401A90E4&apn_sauid=F684FB36-18A6-476F-9DCA-C92BFDFD4B95 IE - HKU\S-1-5-21-425697130-2423384976-1920107721-1001…\SearchScopes{22E96259-20B2-4979-BDE5-BF5849705737}: “URL” = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0004002 IE - HKU\S-1-5-21-425697130-2423384976-1920107721-1001…\SearchScopes{9AEEDF1A-DE76-4C45-A2B9-C2F0B817BE66}: “URL” = http://search.softonic.com/MON00084/tb_v1?q={searchTerms}&SearchSource=4&cc= IE - HKU\S-1-5-21-425697130-2423384976-1920107721-1001…\SearchScopes{AF9154E8-4AF9-44CB-9E36-D1A17D3EF7AD}: “URL” = http://search.yahoo.com/search?fr=chr-g … =937811&p={searchTerms} IE - HKU\S-1-5-21-425697130-2423384976-1920107721-1001…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253 IE - HKU\S-1-5-21-425697130-2423384976-1920107721-1001…\SearchScopes{EEE6C360-6118-11DC-9C72-001320C79847}: “URL” = http://search.sweetim.com/search.asp?sr … 1010000&q={searchTerms}&barid={8AFB0109-52A2-11E1-B509-4CEDDE9B4ED7} IE - HKU\S-1-5-21-425697130-2423384976-1920107721-1001…\SearchScopes{FEB7636D-1B68-466B-8189-B900EA44BDBF}: “URL” = http://start.funmoods.com/results.php?f=4&a=stonicpl stagedXpi&q={searchTerms} FF - prefs.js…browser.search.defaultenginename: “Web Search” FF - prefs.js…browser.search.defaultthis.engineName: “uTorrentControl2 Customized Web Search” FF - prefs.js…browser.search.defaulturl: “http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}” FF - prefs.js…browser.search.order.1: “Search the web (Babylon)” FF - prefs.js…browser.startup.homepage: “http://domredi.com/1/” FF - prefs.js…keyword.URL: “http://search.babylon.com/?AF=109217&babsrc=adbartrp&mntrId=8828e8f3000000000000b4749f51ee1e&q=” FF - prefs.js…sweetim.toolbar.previous.browser.search.defaultenginename: “Web Search” [2012/05/31 08:20:30 | 000,000,000 | —D | M] (uTorrentControl2 Community Toolbar) – C:\Users\Roślina\AppData\Roaming\mozilla\Firefox\Profiles\ahi3ewut.default\extensions{687578b9-7132-4a7a-80e4-30ee31099e03} [2012/03/05 08:34:58 | 000,000,000 | —D | M] (Babylon) – C:\Users\Roślina\AppData\Roaming\mozilla\Firefox\Profiles\ahi3ewut.default\extensions\ffxtlbr@babylon.com [2012/02/08 23:55:05 | 000,000,000 | —D | M] (Funmoods.com) – C:\Users\Roślina\AppData\Roaming\mozilla\Firefox\Profiles\ahi3ewut.default\extensions\ffxtlbr@funmoods.com [2012/02/04 06:27:19 | 000,000,000 | —D | M] (Softonic Toolbar) – C:\Users\Roślina\AppData\Roaming\mozilla\Firefox\Profiles\ahi3ewut.default\extensions\ffxtlbra@softonic.com [2012/06/20 18:23:04 | 000,000,000 | —D | M] (MyPlayCity Toolbar) – C:\Users\Roślina\AppData\Roaming\mozilla\Firefox\Profiles\ahi3ewut.default\extensions\toolbar@ask.com [2011/02/01 20:05:08 | 000,002,333 | ---- | M] () – C:\Users\Roślina\AppData\Roaming\Mozilla\Firefox\Profiles\ahi3ewut.default\searchplugins\askcom.xml [2012/04/18 00:39:24 | 000,000,935 | ---- | M] () – C:\Users\Roślina\AppData\Roaming\Mozilla\Firefox\Profiles\ahi3ewut.default\searchplugins\conduit.xml [2012/02/08 23:54:39 | 000,001,812 | ---- | M] () – C:\Users\Roślina\AppData\Roaming\Mozilla\Firefox\Profiles\ahi3ewut.default\searchplugins\funmoods.xml [2012/02/08 23:32:26 | 000,002,060 | ---- | M] () – C:\Users\Roślina\AppData\Roaming\Mozilla\Firefox\Profiles\ahi3ewut.default\searchplugins\softonic.xml [2012/03/17 21:04:38 | 000,000,792 | ---- | M] () – C:\Users\Roślina\AppData\Roaming\Mozilla\Firefox\Profiles\ahi3ewut.default\searchplugins\startsear.xml [2012/05/03 02:42:15 | 000,003,992 | ---- | M] () – C:\Users\Roślina\AppData\Roaming\Mozilla\Firefox\Profiles\ahi3ewut.default\searchplugins\sweetim.xml O3 - HKLM…\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll (Funmoods) O3 - HKLM…\Toolbar: (MyPlayCity Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM…\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-425697130-2423384976-1920107721-1001…\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found. O3 - HKU\S-1-5-21-425697130-2423384976-1920107721-1001…\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKU\S-1-5-21-425697130-2423384976-1920107721-1001…\Toolbar\WebBrowser: (MyPlayCity Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKU\S-1-5-21-425697130-2423384976-1920107721-1001…\Run: [DAEMON Tools Lite] “C:\Users\Roślina\Desktop\mmmmmmmmmmmmmmmmmmmmmmmmmmm\sunrise festival 2012\NNNNNNN\DTLite.exe” -autorun File not found [2012/06/20 18:23:00 | 000,000,000 | —D | C] – C:\Program Files (x86)\Ask.com [2012/05/24 16:50:30 | 000,000,000 | —D | C] – C:\Program Files (x86)\Conduit :Commands [emptytemp] [resethosts]

Kliknij Wykonaj skrypt.Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).

Pokaż nowy log OTL.txt oraz raport z usuwania.

roslina · 22 Czerwiec 2012 10:03

Usunąłem co trzeba a tu linki:

http://wklej.org/id/777588/

http://wklej.org/id/777593/

Acorus · 22 Czerwiec 2012 13:34

W OTL użyj opcji Sprzątanie.Użyj AdwCleaner http://general-changelog-team.fr/outils/289-adwcleaner z funkcji Delete(w przypadku Visty/Windows7 uruchom z prawokliku jako Administrator).

Przeskanuj programem Dr.WEB CureIt http://www.dobreprogramy.pl/Dr.WEB-Cure … 12976.html