When I use the browser, every few minutes a new Mozilla window pops up with a page of online games or some porn video chat. Avast does not detect any irregularities. Here is a link to the log:
http://wklej.org/id/180936/
I'll add that I know absolutely nothing about this, so please help
and I found out about these logs from the forum
deFco247
(deFco247)
20 October 2009 20:44
#2
Show the OTL and SREng logs.
jessica
(jessica)
21 October 2009 03:09
#4
Run OTL and paste this into the Custom Scans/Fixes window:
:OTL
IE - HKU\S-1-5-21-1123561945-2077806209-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
FF - prefs.js..browser.startup.homepage: "http://www.theprizeday.com/today.php|http://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official\n "
FF - prefs.js..extensions.enabledItems: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}:2.0.0.1050
FF - prefs.js..extensions.enabledItems: {2224E955-00E9-4613-A844-CE69FCCAAE91}:3.8.1.4690
FF - HKLM\software\mozilla\Firefox\extensions\{2224E955-00E9-4613-A844-CE69FCCAAE91}: C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF [2009-09-10 17:03:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}: C:\Program Files\Media Access Startup\2.0.0.1050\FF [2009-09-10 17:03:16 | 00,000,000 | ---D | M]
[2009-09-10 17:05:53 | 00,002,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\sukoku117.xml
[2009-09-29 20:08:42 | 00,002,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\sukoku119.xml
O4 - HKU\S-1-5-21-1123561945-2077806209-839522115-1006..\Run: [cdoosoft] C:\Documents and Settings\cwele xD\Ustawienia lokalne\Temp\herss.exe ()

:Files
C:\DOCUME~1\CWELEX~1\USTAWI~1\Temp\herss.exe
C:\Documents and Settings\All Users\Dane aplikacji\Sukoku
C:\Program Files\Sukoku
C:\Program Files\System Search Dispatcher
C:\Program Files\Internet Saving Optimizer
C:\Program Files\Media Access Startup
C:\DOCUME~1\CWELEX~1\USTAWI~1\Temp\cvasds0.dll
C:\nds0q.exe
D:\nds0q.exe
C:\autorun.inf
D:\autorun.inf
C:\ph.exe
D:\ph.exe
C:\se12ydam.exe
D:\se12ydam.exe

:Services
Sukoku Service

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"eMuleAutoStar"=-
"cdoosoft"=-
"AQQ"=-
"Picasa Media Detector"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"=-
"Symantec PIF AlertEng"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BearShare"=-
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2670000A-7350-4F3C-8081-5663EE0C6C49}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92780B25-18CC-41C8-B9BE-3C9C571A8263}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2E2DD38-D088-4134-82B7-F2BA38496583}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB5F1910-F110-11D2-BB9E-00C04F795683}]

:Commands
[emptytemp]
[Reboot]
Click Run Fix. Confirm the computer restart.
Then run OTL again, this time using the Run Scan option.
Show the new OTL.txt log and the log from the cleanup.
jessi
OTL cleanup log:
http://wklej.org/id/181486/
– Added 21.10.2009 (Wed) 23:04 –
that last one was wrong, here is the correct one
extras.txt :
http://wklej.org/id/181897/
OTL.txt:
http://wklej.org/id/181486/
jessica
(jessica)
21 October 2009 23:39
#6
For some reason OTL does not want to remove things on your machine.
Run OTL and paste this into the Custom Scans/Fixes window:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.ask.com?o=15003&l=dis [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
FF - HKLM\software\mozilla\Firefox\extensions\{2224E955-00E9-4613-A844-CE69FCCAAE91}: C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF [2009-09-10 17:03:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}: C:\Program Files\Media Access Startup\2.0.0.1050\FF [2009-09-10 17:03:16 | 00,000,000 | ---D | M]
[2009-09-10 17:05:53 | 00,002,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\sukoku117.xml
[2009-09-29 20:08:42 | 00,002,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\sukoku119.xml

:Files
C:\Program Files\Internet Saving Optimizer
C:\Program Files\Media Access Startup
C:\Program Files\mozilla firefox\searchplugins\sukoku119.xml
C:\Program Files\mozilla firefox\searchplugins\sukoku117.xml
C:\autorun.inf
D:\autorun.inf
C:\nds0q.exe
D:\nds0q.exe
C:\se12ydam.exe
D:\se12ydam.exe

:Reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eMuleAutoStart"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nero PhotoShow Media Manager"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[Reboot]
Click Run Fix. Confirm the computer restart.
Then run OTL again, this time using the Run Scan option.
Show the new OTL.txt log and the log from the cleanup.
If you notice in the new log any of the elements that should have been removed, then also provide a ComboFix log.
jessi
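
The check asked for in the last post (does the new log still contain anything the fix script was meant to remove) can be done mechanically. The following is an added example, not part of the thread and not OTL's own code: the function names are hypothetical, and the sample script and log are constructed from the line formats and values shown above.

```python
import re

GUID_AT_END = re.compile(r"\{[0-9A-Fa-f-]{36}\}$")

def fix_targets(script):
    """Return the strings a fix script asks to remove, in script order."""
    section, targets = None, []
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):        # section header: :OTL, :Files, :Reg, :Commands
            section = line.lower()
        elif section == ":otl":         # log lines copied verbatim from the scan
            targets.append(line)
        elif section == ":files":       # one file or folder path per line
            targets.append(line)
        elif section == ":reg":
            key = re.fullmatch(r"\[-(.+)\]", line)    # [-KEY] deletes a whole key
            value = re.fullmatch(r'"(.+)"=-', line)   # "name"=- deletes one value
            guid = GUID_AT_END.search(key.group(1)) if key else None
            if guid:                    # only GUID-named keys (BHOs) are tracked
                targets.append(guid.group(0))
            elif value:                 # the logs above show Run values as [name]
                targets.append("[" + value.group(1) + "]")
    return targets

def still_present(script, new_log):
    """Targets from the fix script that still occur in the new scan log."""
    haystack = new_log.lower()
    return [t for t in fix_targets(script) if t.lower() in haystack]

# Constructed sample: a shortened fix script using values from the thread.
SAMPLE_SCRIPT = r"""
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
:Files
C:\Program Files\Media Access Startup
C:\autorun.inf
:Reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eMuleAutoStart"=-
:Commands
[Reboot]
"""
# Constructed sample: lines of a later scan in which two items survived the fix.
SAMPLE_LOG = r"""
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
FF - HKLM\software\mozilla\Firefox\extensions\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}: C:\Program Files\Media Access Startup\2.0.0.1050\FF
O2 - BHO: (no name) - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - No CLSID value found.
"""
if __name__ == "__main__":
    for item in still_present(SAMPLE_SCRIPT, SAMPLE_LOG):
        print("still present:", item)
```

Matching is a case-insensitive substring test, so a hit means the item deserves a closer look in the log, not that it is definitely still active.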