maciej321
(Maciej Rosinski)
23 September 2012 11:25
#1
Hello, as in the subject: the computer is slow, and some messages were being sent to my friends on FB or something like that. I scanned with AVG antivirus and it removed something, but probably not everything. Here are the logs:
OTL: http://wklej.to/SkfiW
Extras: http://wklej.to/59tz3
Acorus
(Acorus)
23 September 2012 14:10
#2
Uninstall uTorrentBar Toolbar and Deinstalator Strony V9. Run OTL and paste the following into the Własne opcje skanowania/Script (custom scan options/script) box:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.v9.com/?utm_source=b&utm_medium=cor
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pl.v9.com/?utm_source=b&utm_medium=cor
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=5c3591b0000000000000544249308d99&tlver=1.4.19.19&ss=1&affID=18047
IE - HKLM…\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKLM…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKU\S-1-5-21-2367985685-2262887936-2071740436-1002\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=110823 … dd08fe4581
IE - HKU\S-1-5-21-2367985685-2262887936-2071740436-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.v9.com/?utm_source=b&utm_medium=cor
IE - HKU\S-1-5-21-2367985685-2262887936-2071740436-1002…\SearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110823&tt=3612_7&babsrc=SP_ss&mntrId=5c3591b00000000000007edd08fe4581
IE - HKU\S-1-5-21-2367985685-2262887936-2071740436-1002…\SearchScopes{87989D1C-9E47-46FC-9C98-891F95CD95B9}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
FF - prefs.js…keyword.URL: "http://search.babylon.com/?affID=110823&tt=3612_7&babsrc=KW_ss&mntrId=5c3591b00000000000007edd08fe4581&q= "
FF - prefs.js…browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js…browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js…browser.search.order.1: "Search the web (Babylon)"
[2012/09/09 13:30:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ja\AppData\Roaming\mozilla\Firefox\Profiles\zfh4vndy.default\extensions\ffxtlbr@babylon.com
[2012/09/09 13:30:55 | 000,002,212 | ---- | M] () -- C:\Users\ja\AppData\Roaming\mozilla\firefox\profiles\zfh4vndy.default\searchplugins\BabylonMngr.xml
[2012/05/07 19:11:59 | 000,000,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml
O3 - HKLM…\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsTlbr.dll (Funmoods)
O3 - HKLM…\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2367985685-2262887936-2071740436-1002…\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-2367985685-2262887936-2071740436-1002…\Run: [Facebook Update] C:\Users\ja\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-19…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Reg Error: Key error.)
[2012/09/09 13:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/23 12:01:01 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2367985685-2262887936-2071740436-1002UA.job
[2012/09/22 18:06:14 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2367985685-2262887936-2071740436-1002Core.job
[2011/12/14 22:35:47 | 000,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\OpenCandy
:Commands
[emptytemp]
Click Wykonaj skrypt (Run script). In OTL, use the Sprzątanie (Cleanup) option.
Use AdwCleaner http://general-changelog-team.fr/outils/289-adwcleaner with the Delete function (on Vista/Windows 7, run it via right-click as Administrator).