system
(system)
5 May 2010 19:17
#1
I was given a laptop to clean up by a female friend. Of course, you don't say no to women (especially the pretty ones). Right at startup, millions of unnecessary programs launch, so I decided to start by cleaning up the autoruns. That is why I am turning to you with a big request. Here are the logs:
hijackthis - http://wklej.org/id/328792/
OTL - http://wklej.org/id/328796/
Honestly, I would leave only the antivirus in this autostart.
Lukasz6
(Łukasz)
5 May 2010 19:49
#3
In OTL, paste the following into the lower box, "Custom Scans/Fixes":
:Processes
killallprocesses
:OTL
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (UrlHelper Class) - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll ()
O3 - HKLM…\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll (BearShare)
O3 - HKCU…\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll (BearShare)
O4 - HKLM…\Run: [Microsoft Windows Hosting Service Login] C:\Users\Termet\AppData\Local\Temp\explorer.exe ()
O4 - HKLM…\Run: [MicrosoftNAPC] C:\Windows\TT.exe (Billar Crypter v1)
O4 - HKLM…\Run: [MSN] C:\Windows\System32\ToolbarNotifiers.exe ()
O4 - HKLM…\Run: [msngers] c:\spoolvsis.exe (mIRC Co. Ltd.)
O4 - HKLM…\Run: [NDSTray.exe] File not found
O4 - HKLM…\Run: [raidh0st] C:\Windows\raidh0st.exe (dfsffgdggg)
O4 - HKLM…\Run: [systemappl] File not found
O4 - HKLM…\Run: [Windows update register] C:\Users\Termet\AppData\Local\Temp\winlog1n.exe ()
O4 - HKCU…\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe File not found
O4 - HKCU…\Run: [Microsoft Windows Hosting Service Login] C:\Users\Termet\AppData\Local\Temp\explorer.exe ()
O4 - HKCU…\Run: [systemappl] C:\Users\Termet\AppData\Roaming\cscss.exe (HellFire)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: MicrosoftCorp = C:\Windows\TT.exe (Billar Crypter v1)
O20 - HKLM Winlogon: TaskMan - (C:\Users\Termet\AppData\Roaming\kvmm.exe) - C:\Users\Termet\AppData\Roaming\kvmm.exe File not found
O33 - MountPoints2{3f4e0c88-9b93-11dd-8f9c-001e334bd549}\Shell\AutoRun\command - “” = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe – File not found
O33 - MountPoints2{3f4e0c88-9b93-11dd-8f9c-001e334bd549}\Shell\open\command - “” = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe – File not found
O33 - MountPoints2{448375a4-c9dd-11dd-8d62-fc02ccee429e}\Shell\AutoRun\command - “” = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe – File not found
O33 - MountPoints2{448375a4-c9dd-11dd-8d62-fc02ccee429e}\Shell\open\command - “” = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe – File not found
O33 - MountPoints2{7940ae09-9c74-11dd-8d9b-001e334bd549}\Shell\AutoRun\command - “” = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe – File not found
O33 - MountPoints2{7940ae09-9c74-11dd-8d9b-001e334bd549}\Shell\open\command - “” = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe – File not found
[2010-05-02 23:27:59 | 000,086,016 | RHS- | C] (HellFire) – C:\Users\Termet\AppData\Roaming\cscss.exe
:Files
C:\microsoft.exe
C:\zer.exe
C:\Windows\raidh0st.exe
C:\vla.exe
C:\8587723.INS
C:\67612956.INS
C:\99832437.INS
C:\95546440.INS
C:\68105928.INS
C:\55752060.INS
C:\77047081.INS
C:\77446506.INS
C:\592996.INS
C:\5008216.INS
C:\14101435.INS
C:\8272202.INS
C:\49258879.INS
C:\77279764.INS
C:\87432872.INS
C:\48171491.INS
C:\82562790.INS
C:\46602466.INS
C:\16263294.INS
C:\71793066.INS
C:\77463279.INS
C:\91723679.INS
C:\spoolvsis.exe
C:\Users\Termet\AppData\Local\Tempkl5836.html
C:\Users\Termet\AppData\Local\TempVU5836.html
C:\Users\Termet\AppData\Local\TempIx1496.html
C:\Users\Termet\AppData\Local\TempJv1496.html
C:\Users\Termet\AppData\Local\TempuD3652.html
C:\Users\Termet\AppData\Local\TempBO3652.html
C:\Users\Termet\AppData\Local\TempWG5492.html
C:\Users\Termet\AppData\Local\TempQt5492.html
C:\Users\Termet\AppData\Roaming\cscss.exe
C:\Users\Termet\AppData\Local\TempEr4292.html
C:\Users\Termet\AppData\Local\TempAc4292.html
C:\Users\Public\Desktop\Skype.lnk
C:\Users\Termet\AppData\Local\Tempqm4300.html
C:\Users\Termet\AppData\Local\TempEV4300.html
C:\Users\Termet\AppData\Local\TempvC4716.html
C:\Users\Termet\AppData\Local\TempXJ4716.html
C:\Users\Termet\AppData\Local\TempJK4964.html
C:\Users\Termet\AppData\Local\Tempsa4964.html
C:\Users\Termet\AppData\Local\Tempds5520.html
C:\Users\Termet\AppData\Local\TempAA5520.html
C:\Users\Termet\AppData\Local\TempAe5748.html
C:\Users\Termet\AppData\Local\TempKt5748.html
C:\Users\Termet\AppData\Local\TempIp4060.html
C:\Users\Termet\AppData\Local\TempWy4060.html
C:\Users\Termet\AppData\Local\Tempvm5032.html
C:\Users\Termet\AppData\Local\Tempag5032.html
C:\Users\Termet\AppData\Local\TempsL5436.html
C:\Users\Termet\AppData\Local\TempaW5436.html
C:\Users\Termet\AppData\Local\TempPL5556.html
C:\Users\Termet\AppData\Local\Tempvn5556.html
C:\Users\Termet\AppData\Local\TempvJ5456.html
C:\Users\Termet\AppData\Local\TempRH5456.html
C:\Users\Termet\AppData\Local\TempEB4892.html
C:\Users\Termet\AppData\Local\TempZm4892.html
C:\Users\Termet\AppData\Local\TempNQ5540.html
C:\Users\Termet\AppData\Local\TempfC5540.html
C:\Users\Termet\AppData\Local\TempSU4492.html
C:\Users\Termet\AppData\Local\TempYh4492.html
C:\Users\Termet\AppData\Local\TempHs4788.html
C:\Users\Termet\AppData\Local\Temprf4788.html
C:\Users\Termet\AppData\Local\TempnK5160.html
C:\Users\Termet\AppData\Local\TempUr5160.html
C:\Users\Termet\AppData\Local\Tempur5408.html
C:\Users\Termet\AppData\Local\TempMN5408.html
C:\Users\Termet\AppData\Local\Tempqi3280.html
C:\Users\Termet\AppData\Local\Tempbc3280.html
C:\Users\Termet\AppData\Local\Tempay3528.html
C:\Users\Termet\AppData\Local\TemprT3528.html
C:\Users\Termet\AppData\Local\TempVS5708.html
C:\Users\Termet\AppData\Local\Tempaa5708.html
C:\Users\Termet\AppData\Local\TempzY3244.html
C:\Users\Termet\AppData\Local\TempPJ3244.html
C:\Users\Termet\AppData\Local\TempUe3736.html
C:\Users\Termet\AppData\Local\Tempqa3736.html
C:\Users\Termet\AppData\Local\TempHz5564.html
C:\Users\Termet\AppData\Local\TempsX5564.html
C:\Users\Termet\AppData\Local\TempQe4896.html
C:\Users\Termet\AppData\Local\TempWV4896.html
C:\Program Files\q3p5f.msp
C:\Program Files\r47.reg
C:\Program Files\ns2.exe
C:\Program Files\ns1.exe
C:\Program Files\i9ct7.zip
C:\Program Files\admirall .msi
C:\Program Files\admirall .wxs
C:\Program Files\dc1f7.msp
C:\Program Files\dclick39.dll
C:\Program Files\dbqp.fon
C:\Program Files\d37.reg
C:\Program Files\c70.reg
C:\Program Files\a5p63.msp
C:\ssdzffs.exe
C:\69768441.INS
C:\System
C:\winregs.ocx
C:\Refix.ocx
C:\irsss.hlp
C:\ionfgs.hlp
C:\systemac.dll
C:\mirc.ini
C:\sysingb32.dll
C:\imds.hlp
C:\Beclickz.dll
C:\aliases.ini
:Commands
[emptytemp]
[start explorer]
[Reboot]
Click Run Fix. Restart the computer.
Then post the report that pops up after the removal, and make a new log with OTL.
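Added example, not part of the original posts: a small Python triage of O4 (Run key) lines in the format of the fix script above, flagging a target under AppData, a system file name outside the Windows directories, an executable directly in a root directory, an empty publisher field, or a missing target. The flag names and heuristics are assumptions chosen for illustration; the sample lines are copied from the post.

```python
import re
from ntpath import basename, dirname

# Sample O4 (Run key) lines copied from the fix script in the post above.
SAMPLE = r"""
O4 - HKLM…\Run: [Microsoft Windows Hosting Service Login] C:\Users\Termet\AppData\Local\Temp\explorer.exe ()
O4 - HKLM…\Run: [MSN] C:\Windows\System32\ToolbarNotifiers.exe ()
O4 - HKLM…\Run: [NDSTray.exe] File not found
O4 - HKLM…\Run: [raidh0st] C:\Windows\raidh0st.exe (dfsffgdggg)
O4 - HKCU…\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe File not found
O4 - HKCU…\Run: [systemappl] C:\Users\Termet\AppData\Roaming\cscss.exe (HellFire)
"""

# Accept both the "…" seen on this page and a literal ".." after the hive name.
ENTRY = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)(?:…|\.\.)\\Run: \[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$")
PUBLISHER = re.compile(r"^(?P<path>.*?)\s*\((?P<pub>[^()]*)\)$")
SYSTEM_NAMES = {"explorer.exe", "svchost.exe", "winlogon.exe"}   # illustrative set
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}

def triage(line):
    """Return hive, value name, path and heuristic flags for one O4 line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    rest, flags = m["rest"].strip(), []
    missing = rest.endswith("File not found")
    if missing:
        rest = rest[: -len("File not found")].strip()
        flags.append("target-missing")
    p = PUBLISHER.match(rest)
    path, pub = (p["path"], p["pub"].strip()) if p else (rest, None)
    if path:
        d, b = dirname(path).lower(), basename(path).lower()
        if "\\appdata\\" in d + "\\":            # Temp and Roaming are user-writable
            flags.append("user-writable-dir")
        if b in SYSTEM_NAMES and d not in SYSTEM_DIRS:
            flags.append("system-name-elsewhere")
        if d.rstrip("\\") in ("c:", "c:\\windows") and b not in SYSTEM_NAMES:
            flags.append("root-dir-exe")
    if pub == "" and not missing:                # "()" means no publisher string
        flags.append("no-publisher")
    return {"hive": m["hive"], "name": m["name"], "path": path or None, "flags": flags}

def triage_log(text):
    return [r for r in map(triage, text.splitlines()) if r]

if __name__ == "__main__":
    for r in triage_log(SAMPLE):
        print(f'{r["hive"]:4} {r["name"]:40} {", ".join(r["flags"]) or "-"}')
```

A flag is only a prompt for manual review of that entry; legitimate software can also start from AppData or ship without a publisher string.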
Mandriv
(Cayman)
5 May 2010 19:53
#4
I agree, but I would change the antivirus to avast 5.
blckns007, give the topic a specific title, in line with this topic: zasady-wklejania-logow-forum-tytulowania-tematow-t253052.html Otherwise it will be deleted.