Dodatkowe polaczenia na netstat, szkodliwy program

barandek · 17 Lipiec 2012 14:34

Witam, działałem chwilę w programie w którym zarabia się za wypełnianie ankiet, w jednej z nich miałem pobrać program i zainstalować go za co dostałbym dodatkowe wirtualne punkty. Po jego zainstalowaniu obawiam się że mój komputer załapał szkodliwego oprogramowania. Proszę o pomoc w przeskanowaniu i naprawy komputera. Teraz rozłącza mi internet, i jest bardzo zamulony. A na netstat mam kilkadziesiąt dodatkowych połączeń.

http://wklej.to/lLRGf - skan OTL

Atis · 17 Lipiec 2012 15:20

Odinstaluj Complitly.

Do okna Własne opcje skanowania / skrypt wklej:

:OTL SRV:64bit: - File not found [Auto | Stopped] – C:\program files\otshot\ZalmanUpdateService.exe – (otshot) IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKLM…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.certified-toolbar.com?si= … tid=397&q={searchTerms} IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.certified-toolbar.com?si= … tid=397&q={searchTerms} O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\cx8h32\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen) O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\cx8h32\AppData\Roaming\Complitly\Complitly.dll (SimplyGen) O4 - HKU\S-1-5-21-3794736147-3734496573-477098203-1000…\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - Startup: C:\Users\cx8h32\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\cx8h32\AppData\Roaming\BrowserCompanion\tcbhn.exe () [2012-07-17 01:45:50 | 000,000,000 | —D | C] – C:\Users\cx8h32\AppData\Roaming\Complitly [2012-07-17 01:45:50 | 000,000,000 | —D | C] – C:\Program Files (x86)\Complitly [2012-07-17 01:45:49 | 000,000,000 | —D | C] – C:\Users\cx8h32\AppData\Roaming\BrowserCompanion [2012-07-17 01:45:48 | 000,000,000 | —D | C] – C:\Program Files (x86)\BrowserCompanion [2012-07-17 01:42:16 | 000,000,000 | —D | C] – C:\Program Files\Babylon [2012-07-17 01:42:16 | 000,000,000 | —D | C] – C:\Program Files (x86)\Babylon [2012-07-17 01:45:50 | 000,002,043 | ---- | M] () – C:\Users\cx8h32\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk :Commands [emptytemp]

Kliknij Wykonaj skrypt i zatwierdź restart.

Pokaż raport z usuwania i nowy log Skanuj.

barandek · 17 Lipiec 2012 21:08

http://wklej.to/LMnkb - po usuwaniu

http://wklej.to/2BMR7 - nowy log

Atis · 17 Lipiec 2012 21:32

Uruchom OTL i kliknij Sprzątanie.

Usuń stare punkty przywracania:

Aby usunąć wszystkie punkty przywracania

Uruchom SecurityCheck i aktualizuj programy oznaczone jako Out of date

barandek · 17 Lipiec 2012 21:40

Ok, dziękuję za pomoc.