barandek
(barandek)
17 Lipiec 2012 14:34
#1
Witam, działałem chwilę w programie w którym zarabia się za wypełnianie ankiet, w jednej z nich miałem pobrać program i zainstalować go za co dostałbym dodatkowe wirtualne punkty. Po jego zainstalowaniu obawiam się że mój komputer załapał szkodliwego oprogramowania. Proszę o pomoc w przeskanowaniu i naprawy komputera. Teraz rozłącza mi internet, i jest bardzo zamulony. A na netstat mam kilkadziesiąt dodatkowych połączeń.
http://wklej.to/lLRGf - skan OTL
Atis
(Atis)
17 Lipiec 2012 15:20
#2
Odinstaluj Complitly.
Do okna Własne opcje skanowania / skrypt wklej:
:OTL SRV:64bit: - File not found [Auto | Stopped] – C:\program files\otshot\ZalmanUpdateService.exe – (otshot) IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKLM…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.certified-toolbar.com?si= … tid=397&q={searchTerms} IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKU\S-1-5-21-3794736147-3734496573-477098203-1000…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.certified-toolbar.com?si= … tid=397&q={searchTerms} O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\cx8h32\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen) O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\cx8h32\AppData\Roaming\Complitly\Complitly.dll (SimplyGen) O4 - HKU\S-1-5-21-3794736147-3734496573-477098203-1000…\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - Startup: C:\Users\cx8h32\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\cx8h32\AppData\Roaming\BrowserCompanion\tcbhn.exe () [2012-07-17 01:45:50 | 000,000,000 | —D | C] – C:\Users\cx8h32\AppData\Roaming\Complitly [2012-07-17 01:45:50 | 000,000,000 | —D | C] – C:\Program Files (x86)\Complitly [2012-07-17 01:45:49 | 000,000,000 | —D | C] – C:\Users\cx8h32\AppData\Roaming\BrowserCompanion [2012-07-17 01:45:48 | 000,000,000 | —D | C] – C:\Program Files (x86)\BrowserCompanion [2012-07-17 01:42:16 | 000,000,000 | —D | C] – C:\Program Files\Babylon [2012-07-17 01:42:16 | 000,000,000 | —D | C] – C:\Program Files (x86)\Babylon [2012-07-17 01:45:50 | 000,002,043 | ---- | M] () – C:\Users\cx8h32\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk :Commands [emptytemp]
Kliknij Wykonaj skrypt i zatwierdź restart.
Pokaż raport z usuwania i nowy log Skanuj.
barandek
(barandek)
17 Lipiec 2012 21:08
#3
Atis
(Atis)
17 Lipiec 2012 21:32
#4
Uruchom OTL i kliknij Sprzątanie.
Usuń stare punkty przywracania:
Aby usunąć wszystkie punkty przywracania
Uruchom SecurityCheck i aktualizuj programy oznaczone jako Out of date