Hello! For some time I've been having minor problems with my computer. It started when I found a keylogger on the machine, which I managed to neutralize. I had problems with Firefox, i.e. the start page kept setting itself and the search engine in the top right corner kept changing (from Allegro to Wikipedia, from Google to something else, every time I started the browser) - I solved that problem. Here are the logs from OTL:
OTL.txt : http://www.wklej.org/id/780285
Extras.txt : http://www.wklej.org/id/780288
Could someone tell me whether something is still wrong with the computer?
I'll add that for some time my brother played Tibia on my computer; maybe that game did something.
I'd be hugely grateful for help!
Atis
(Atis)
26 June 2012 18:31
#2
In the Control Panel, uninstall:
Complitly
SweetPacks Toolbar for Internet Explorer
Update Manager for SweetPacks
DAEMON Tools Toolbar
Paste into the Custom Scans/Fixes window:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM…\SearchScopes{0D7562AE-8EF6-416d-A838-AB665251703A}: “URL” = http://startsear.ch/?aff=1&src=sp&cf=58 … 060b7c9&q={searchTerms}
IE - HKLM…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKU\S-1-5-21-2185360552-234034407-3658617728-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=589c675f- … cf3060b7c9
IE - HKU\S-1-5-21-2185360552-234034407-3658617728-1001…\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKU\S-1-5-21-2185360552-234034407-3658617728-1001…\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-2185360552-234034407-3658617728-1001…\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-2185360552-234034407-3658617728-1001…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://startsear.ch/?aff=1&q={searchTerms}
IE - HKU\S-1-5-21-2185360552-234034407-3658617728-1001…\SearchScopes{0D7562AE-8EF6-416d-A838-AB665251703A}: “URL” = http://startsear.ch/?aff=1&src=sp&cf=58 … 060b7c9&q={searchTerms}
IE - HKU\S-1-5-21-2185360552-234034407-3658617728-1001…\SearchScopes{A433303E-ED3C-4F7F-A899-19EFB43A12B5}: “URL” = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKU\S-1-5-21-2185360552-234034407-3658617728-1001…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
FF - prefs.js…browser.search.defaultenginename: “Search the web”
FF - prefs.js…browser.search.order.1: “Search the web”
FF - prefs.js…browser.search.selectedEngine: “Search the web”
FF - prefs.js…keyword.URL: “http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q= ”
FF - user.js…browser.search.selectedEngine: “Search the web”
FF - user.js…browser.search.order.1: “Search the web”
FF - user.js…browser.search.defaultenginename: “Search the web”
FF - user.js…keyword.URL: “http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q= ”
[2012-06-04 09:08:36 | 000,000,000 | —D | M] (uTorrentBar Community Toolbar) – C:\Users\asus\AppData\Roaming\mozilla\Firefox\Profiles\joo3l0cr.default\extensions{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012-02-26 02:05:25 | 000,000,000 | —D | M] (Softonic Toolbar) – C:\Users\asus\AppData\Roaming\mozilla\Firefox\Profiles\joo3l0cr.default\extensions\ffxtlbra@softonic.com
[2012-06-03 09:02:56 | 000,000,925 | ---- | M] () – C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\joo3l0cr.default\searchplugins\conduit.xml
[2012-03-27 21:03:00 | 000,000,792 | ---- | M] () – C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\joo3l0cr.default\searchplugins\startsear.xml
[2012-06-06 16:46:40 | 000,003,915 | ---- | M] () – C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\joo3l0cr.default\searchplugins\sweetim.xml
O3:64bit: - HKLM…\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM…\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2185360552-234034407-3658617728-1001…\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM…\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM…\Run: [Freecorder FLV Service] “C:\Program Files (x86)\Freecorder\FLVSrvc.exe” /run File not found
O4 - HKU\S-1-5-21-2185360552-234034407-3658617728-1001…\Run: [© Microsoft Real Time Media Stack] C:\Users\asus\AppData\Local\Temp\System\mtvdemd.exe File not found
O4 - HKU\S-1-5-19…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2185360552-234034407-3658617728-1000…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windate.exe ()
[2012-06-22 09:22:06 | 000,000,000 | —D | C] – C:\ProgramData\B7E85886000090D80A17DA28A60145BE
[2012-06-26 16:02:22 | 000,769,733 | ---- | M] () – C:\Users\asus\AppData\Roaming\java_u.jar
[2012-06-26 16:04:39 | 000,000,280 | ---- | C] () – C:\Program Files (x86)\unin.bat
[2012-03-19 23:34:44 | 000,000,000 | —D | M] – C:\Users\asus\AppData\Roaming\1334
[2011-12-20 20:43:20 | 000,000,000 | —D | M] – C:\Users\asus\AppData\Roaming\Complitly
[2011-12-22 19:23:11 | 000,514,321 | ---- | C] () – C:\Windows\windate.exe
[2011-12-22 19:23:11 | 000,105,760 | ---- | C] () – C:\Windows\os4.exe
[2011-12-22 19:23:10 | 000,059,904 | ---- | C] () – C:\Windows\zlib1.dll
[2011-12-22 19:23:10 | 000,000,326 | ---- | C] () – C:\Windows\Last.dat
[2011-12-22 19:23:10 | 000,000,076 | ---- | C] () – C:\Windows\memlist.dat
[2011-12-22 19:23:10 | 000,000,009 | ---- | C] () – C:\Windows\Language.dat
[2011-12-22 19:23:10 | 000,000,004 | ---- | C] () – C:\Windows\test.dat
:Commands
[emptytemp]
Click Run Fix and confirm the restart.
Post the removal report and a new log from Run Scan.
Atis
(Atis)
26 June 2012 19:44
#4
Paste and click Run Fix:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=589c675f- … cf3060b7c9
[2010-12-13 14:36:54 | 000,002,035 | ---- | M] () – C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011-10-26 21:44:37 | 000,000,158 | ---- | M] () – C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
O3:64bit: - HKLM…\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKU\S-1-5-21-2185360552-234034407-3658617728-1001…\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O8:64bit: - Extra context menu item: &Download All using 4shared Desktop - res://C:\Program Files (x86)\Tibia2\4shared Desktop\Desktop.32/D_ALL_LINK File not found
O8:64bit: - Extra context menu item: &Download using 4shared Desktop - res://C:\Program Files (x86)\Tibia2\4shared Desktop\Desktop.32/D_ONE_LINK File not found
O8 - Extra context menu item: &Download All using 4shared Desktop - res://C:\Program Files (x86)\Tibia2\4shared Desktop\Desktop.32/D_ALL_LINK File not found
O8 - Extra context menu item: &Download using 4shared Desktop - res://C:\Program Files (x86)\Tibia2\4shared Desktop\Desktop.32/D_ONE_LINK File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe File not found
:Files
C:\ProgramData\B7E85886000090D80A17DA28A60145BE
Run OTL and click CleanUp.
Delete old restore points.
To delete all restore points:
http://windows.microsoft.com/pl-PL/wind … tore-point
Run SecurityCheck and update the programs marked as Out of date.
Scan the disk with Malwarebytes-AntiMalware.
During installation click Decline to install only the free scanner.
http://www.dobreprogramy.pl/Malwarebyte … 13117.html
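Added example, not part of the thread and not code from OTL or its authors: a small Python reader that splits a fix script laid out like the ones in posts #2 and #4 into its sections and lists what each line points at (search hosts, entries whose target is missing, paths), so the script can be read through before it is run. The sample script, its hosts and its paths are constructed, and the row labels are this example's own.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the layout of the fix scripts above; every name,
# path and host in it is made up for this example.
SAMPLE = r"""
:OTL
IE - HKU\S-1-5-21-0-0-0-1001\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://search.example.test/?q={searchTerms}
FF - prefs.js..keyword.URL: "http://find.example.test?q="
O4 - HKLM\..\Run: [ExampleUpdater] C:\Users\user\AppData\Local\Temp\exupd.exe File not found
[2012-01-01 10:00:00 | 000,000,925 | ---- | M] () -- C:\Users\user\AppData\Roaming\Example\plugin.xml
:Files
C:\ProgramData\ExampleFolder
:Commands
[emptytemp]
"""

# "[date time | size | attrs | C/M] (vendor) -- path"; the vendor part is optional.
FILE_LINE = re.compile(r"^\[\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \|[^\]]*\]( \(.*?\))? \S+ (.+)$")
URL = re.compile(r"https?://[^\s\"”]+")
DANGLING = re.compile(r"(File not found|No CLSID value found)\.?$")

def classify(section, line):
    """Return (kind, target) for one non-header line of the script."""
    if section == "Commands":
        return "command", line.strip("[]")
    if section == "Files":
        return "path", line
    m = FILE_LINE.match(line)
    if m:
        return "path", m.group(2)
    url = URL.search(line)
    if line.startswith(("IE - ", "FF - ")) and url:
        # Browser search or start-page setting: report only the host it points at.
        return "search-host", urlsplit(url.group()).hostname
    if re.match(r"O\d+(:64bit:)? - ", line):
        kind = "dangling-entry" if DANGLING.search(line) else "entry"
        return kind, line.split(" - ", 1)[1]
    return "other", line

def review(script):
    """Split a fix script into (section, kind, target) rows for reading."""
    section, rows = None, []
    for line in filter(None, map(str.strip, script.splitlines())):
        if re.fullmatch(r":\w+", line):
            section = line[1:]  # ":OTL", ":Files", ":Commands"
        else:
            rows.append((section, *classify(section, line)))
    return rows
```

Calling `review(SAMPLE)` returns one row per script line; lines it does not recognise come back as `other` with their full text, so nothing in the script is hidden from the reader.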
system
(system)
27 June 2012 06:30
#5
Why are you blocking Ubisoft's servers in the HOSTS file?