Hello. While I was downloading a program, this Lollipop thing got downloaded as well, which from what I have read is a virus. I removed it, but I am posting logs to be checked, to make sure that everything is all right.
http://wklej.org/id/1085531/
http://wklej.org/id/1085536/
Acorus
(Acorus)
12 July 2013 16:57
#2
Uninstall Yontoo 1.10.02, BrowserDefender, Delta toolbar, Delta Chrome Toolbar, Funmoods, GadgetBox, GBox Updater, Incredibar Toolbar on IE, SProtector 1.62, uTorrentControl_v6 Toolbar, unnm=Version Checker for Dealply. Use AdwCleaner http://general-changelog-team.fr/fr/dow … adwcleaner with the Delete function (on Vista/Windows 7, right-click it and run as Administrator).
Post the new OTL.txt
Acorus
(Acorus)
12 July 2013 18:19
#4
Run OTL and paste the following into the (Custom Scans/Fixes) box:
:OTL
IE - HKLM…\SearchScopes{54AFEED3-EA69-204F-4F59-24547FE1AD4D}: "URL" = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0EtCtAyEzy0DyEyD0EyCtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2033924731
IE - HKU\S-1-5-21-3573649361-3334153816-3899307160-1000…\SearchScopes{0262B3A9-7CA8-47E0-A16A-51782A8FCEDA}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN17588013109544275&UM=1
IE - HKU\S-1-5-21-3573649361-3334153816-3899307160-1000…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=bandext_3312_2&babsrc=SP_ss&mntrId=0c6845e6000000000000002186087416
IE - HKU\S-1-5-21-3573649361-3334153816-3899307160-1000…\SearchScopes{54AFEED3-EA69-204F-4F59-24547FE1AD4D}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=115298&tt=4912_8&babsrc=SP_ss&mntrId=0c6845e6000000000000002186087416
O4 - HKLM…\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-21-3573649361-3334153816-3899307160-1000…\Run: [ALLUpdate] "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep" File not found
O4 - HKU\S-1-5-21-3573649361-3334153816-3899307160-1000…\Run: [DAEMON Tools Pro Agent] "F:\DAEMON Tools Pro\DTAgent.exe" -autorun File not found
O4 - HKU\S-1-5-21-3573649361-3334153816-3899307160-1000…\Run: [Hoolapp Android] "C:\Users\win7\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found
O4 - HKU\S-1-5-21-3573649361-3334153816-3899307160-1000…\Run: [screenshooter] F:\ss\ScreenShooter\screenshooter.exe --hidden File not found
O4 - HKU\S-1-5-21-3573649361-3334153816-3899307160-1003…\Run: [AVG-Secure-Search-Update_JUNE2013_HP] "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" /PROMPT /CMPID=JUNE2013_HP File not found
O4 - HKU\S-1-5-21-3573649361-3334153816-3899307160-1003…\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB File not found
O4 - HKU\S-1-5-19…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3573649361-3334153816-3899307160-1003…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Ściągaj z Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Ściągaj z Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
[2013-06-15 12:45:27 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Roaming\0D1F1S1C1P0P1C1F1N1C1T1H2UtF1E1I
[2013-07-12 19:18:38 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013-07-12 19:18:38 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
:Commands
[emptytemp]
Click Run Fix. In OTL, use the CleanUp option.
In AdwCleaner, use the Delete option.
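
An added example, not part of the original posts and not OTL's own code: a small triage pass over OTL-style log lines that flags the two kinds of entries the script above targets, search scopes pointing at the providers named in this thread and autorun or menu entries marked "File not found". The line shapes are assumed from the entries quoted above, the sample log is constructed, and `triage` and `registrable` are hypothetical names. Flagged lines are candidates for manual review, not automatic removal.

```python
import re
from urllib.parse import urlsplit

# Search-provider domains taken from the SearchScopes entries in the script above.
HIJACK_DOMAINS = {"searchya.com", "conduit.com", "babylon.com"}

# Constructed sample lines (not from the poster's log), shaped like the entries above.
SAMPLE_LOG = r'''
IE - HKLM…\SearchScopes{11111111-2222-3333-4444-555555555555}: "URL" = http://www.searchya.com/?q={searchTerms}&s=1
IE - HKLM…\SearchScopes{66666666-7777-8888-9999-000000000000}: "URL" = http://www.bing.com/search?q={searchTerms}
O4 - HKLM…\Run: [ExampleAgent] "C:\Program Files (x86)\Example\agent.exe" File not found
O4 - HKLM…\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" (Example Corp)
O8:64bit: - Extra context menu item: Example - file://C:\Example\ctx.htm File not found
'''

SCOPE_RE = re.compile(r'^IE - .*SearchScopes.*"URL" = (\S+)')
ENTRY_RE = re.compile(r'^O\d+(:64bit:)? - ')


def registrable(host):
    """Last two labels of a host name (rough: ignores multi-part TLDs)."""
    return ".".join(host.lower().split(".")[-2:])


def triage(log_text):
    """Return (reason, line) pairs for entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        scope = SCOPE_RE.match(line)
        if scope:
            host = urlsplit(scope.group(1)).hostname or ""
            if registrable(host) in HIJACK_DOMAINS:
                findings.append(("search-scope", line))
        elif ENTRY_RE.match(line) and line.endswith("File not found"):
            # The registry entry survives but its target file is gone.
            findings.append(("orphaned-entry", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:15} {line}")
```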