Windows 7 Forum: configuration, optimization, tips, gadgets
OTL logs - slow system performance - Printable version




OTL logs - slow system performance - krzychu8989 - 08.08.2015 01:34

Please check the OTL logs below and, if needed, write a script to remove the malware.

OTL:
http://wklej.to/F2pjQ
Extras:
http://wklej.to/0qnnQ


RE: OTL logs - slow system performance - SebaKomp - 09.08.2015 20:05

Scan the computer with Malwarebytes Anti-Malware, Emsisoft Emergency Kit and AdwCleaner. After the scan, post the FRST logs.

Regards,
SebaKomp


RE: OTL logs - slow system performance - Illidan - 16.08.2015 13:03

SebaKomp, welcome to this forum too.

Open "OTL" and paste the following into the "Custom Scans/Fixes" field:
Quote:
:processes
killallprocesses

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1438596147&z=b2a9618fb1186211c7855d1g6z0cfb7w5t4q2e8bcg&from=face&uid=ST500LT012-1DG142_S3P2XH8TXXXXS3P2XH8T
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1438597139&z=cd9d07843393bcf447f327eg9z4c4bdw7t1mde1mez&from=cmi&uid=ST500LT012-1DG142_S3P2XH8TXXXXS3P2XH8T&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1438597139&z=cd9d07843393bcf447f327eg9z4c4bdw7t1mde1mez&from=cmi&uid=ST500LT012-1DG142_S3P2XH8TXXXXS3P2XH8T&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.mystartsearch.com/web/?type=ds&ts=1438597139&z=cd9d07843393bcf447f327eg9z4c4bdw7t1mde1mez&from=cmi&uid=ST500LT012-1DG142_S3P2XH8TXXXXS3P2XH8T&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1438596147&z=b2a9618fb1186211c7855d1g6z0cfb7w5t4q2e8bcg&from=face&uid=ST500LT012-1DG142_S3P2XH8TXXXXS3P2XH8T
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1438597139&z=cd9d07843393bcf447f327eg9z4c4bdw7t1mde1mez&from=cmi&uid=ST500LT012-1DG142_S3P2XH8TXXXXS3P2XH8T&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1438597139&z=cd9d07843393bcf447f327eg9z4c4bdw7t1mde1mez&from=cmi&uid=ST500LT012-1DG142_S3P2XH8TXXXXS3P2XH8T&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.mystartsearch.com/web/?type=ds&ts=1438597139&z=cd9d07843393bcf447f327eg9z4c4bdw7t1mde1mez&from=cmi&uid=ST500LT012-1DG142_S3P2XH8TXXXXS3P2XH8T&q={searchTerms}
IE - HKLM\..\SearchScopes\ielnksrch: "URL" = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuxkYK9BNIFBtjHVba3oZzKtYuqiRYQu7SNjtbd9RsQAGPJbgH8UYCEiPCedqH​9hN9SCrnsWI7RXyneELk-cxQRzFpMaouX-1uORP_NrIu9hYS3nTNIVWJkkJBF3thzsMImlvdUbj8cff_UygKbZoCWdopQ,,&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuxkYK9BNIFBtjHVba3oZzKtYuqiRYQu7SNjtbd9RsQAGPJbgH8UYCEiPCedqH​9hN9SCrnsWI7RXyneELk-cxQRzFpMaouX-1uORP_NrIu9hYS3nTNIVWJkkJBF3thzsMImlvdUbj8cff_UygKbZoCWdopQ,,&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuxkYK9BNIFBtjHVba3oZzKtYuqiRYQu7SNjtbd9RsQAGPJbgH8UYCEiPCedqH​9hN9SCrnsWI7RXyneELk-cxQRzFpMaouX-1uORP_NrIu9hYS3nTNIVWJkkJBF3thzsMImlvdUbj8cff_UygKbZoCWdopQ,,&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuxkYK9BNIFBtjHVba3oZzKtYuqiRYQu7SNjtbd9RsQAGPJbgH8UYCEiPCedqH​9hN9SCrnsWI7RXyneELk-cxQRzFpMaouX-1uORP_NrIu9hYS3nTNIVWJkkJBF3thzsMImlvdUbj8cff_UygKbZoCWdopQ,,&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1001\..\SearchScopes,DefaultScope = {ielnksrch}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1001\..\SearchScopes\{ielnksrch}: "URL" = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuxkYK9BNIFBtjHVba3oZzKtYuqiRYQu7SNjtbd9RsQAGPJbgH8UYCEiPCedqH​9hN9SCrnsWI7RXyneELk-cxQRzFpMaouX-1uORP_NrIu9hYS3nTNIVWJkkJBF3thzsMImlvdUbj8cff_UygKbZoCWdopQ,,&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1438596147&z=b2a9618fb1186211c7855d1g6z0cfb7w5t4q2e8bcg&from=face&uid=ST500LT012-1DG142_S3P2XH8TXXXXS3P2XH8T
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuxkYK9BNIFBtjHVba3oZzKtYuqiRYQu7SNjtbd9RsQAGPJbgH8UYCEiPCedqH​9hN9SCrnsWI7RXyneELk-cxQRzFpMaouX-1uORP_NrIu9hYS3nTNIVWJkkJBF3thzsMImlvdUbj8cff_UygKbZoCWdopQ,,&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuxkYK9BNIFBtjHVba3oZzKtYuqiRYQu7SNjtbd9RsQAGPJbgH8UYCEiPCedqH​9hN9SCrnsWI7RXyneELk-cxQRzFpMaouX-1uORP_NrIu9hYS3nTNIVWJkkJBF3thzsMImlvdUbj8cff_UygKbZoCWdopQ,,&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuxkYK9BNIFBtjHVba3oZzKtYuqiRYQu7SNjtbd9RsQAGPJbgH8UYCEiPCedqH​9hN9SCrnsWI7RXyneELk-cxQRzFpMaouX-1uORP_NrIu9hYS3nTNIVWJkkJBF3thzsMImlvdUbj8cff_UygKbZoCWdopQ,,&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=ST500LT012-1DG142_S3P2XH8TXXXXS3P2XH8T&ts=1438597287&type=default&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\..\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}: "URL" = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=ST500LT012-1DG142_S3P2XH8TXXXXS3P2XH8T&ts=1438597287&type=default&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.istartsurf.com/web/?type=dspp&ts=1438596147&z=b2a9618fb1186211c7855d1g6z0cfb7w5t4q2e8bcg&from=face&uid=ST500LT012-1DG142_S3P2XH8TXXXXS3P2XH8T&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\..\SearchScopes\{96B1AC5F-1AD0-4A1D-84E0-18C06A5A5468}: "URL" = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=ST500LT012-1DG142_S3P2XH8TXXXXS3P2XH8T&ts=1438597287&type=default&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\..\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}: "URL" = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=ST500LT012-1DG142_S3P2XH8TXXXXS3P2XH8T&ts=1438597287&type=default&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\..\SearchScopes\{ielnksrch}: "URL" = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=ST500LT012-1DG142_S3P2XH8TXXXXS3P2XH8T&ts=1438597287&type=default&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\STOPzilla!\sbrc.exe" File not found
O4 - HKLM..\Run: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot File not found



:Files
C:\Program Files (x86)\0B84B780-1438595149-81E3-2E6E-40167E8800D0\knsy6D8F.tmp
C:\Program Files (x86)\0B84B780-1438595149-81E3-2E6E-40167E8800D0\jnsrA494.tmp
C:\Users\paula_000.PAULINA\AppData\Roaming\istartsurf
C:\Users\paula_000.PAULINA\AppData\Local\BrowserHelper
C:\Program Files (x86)\Object Browser
C:\WINDOWS\tasks\945dee8e-cdbf-4566-8737-7ca867199ad7-1-6.job
C:\WINDOWS\tasks\dbdd489c-d928-4f1e-83ee-e633b95b7431-1-6.job
C:\WINDOWS\tasks\dbdd489c-d928-4f1e-83ee-e633b95b7431-5_user.job
C:\WINDOWS\tasks\dbdd489c-d928-4f1e-83ee-e633b95b7431-5.job
C:\WINDOWS\tasks\dbdd489c-d928-4f1e-83ee-e633b95b7431-1-7.job
C:\WINDOWS\tasks\945dee8e-cdbf-4566-8737-7ca867199ad7-1-7.job
C:\WINDOWS\tasks\dbdd489c-d928-4f1e-83ee-e633b95b7431-7.job
C:\Users\paula_000.PAULINA\AppData\Roaming\TFC64OcadRXkXb
C:\Users\paula_000.PAULINA\AppData\Roaming\OkCLWr7OgCyV

:Commands
[emptytemp]
Run the script in the program and post on the forum the cleanup log that you get after the computer restarts.

Next, do what my young colleague advises, but not everything at once; first show only the log from the "MBAM" scan:
http://www.malwarebytes.org/mwb-download/

And one more thing: "McAfee" needs to be removed completely:
http://www.instalki.pl/programy/download/Windows/deinstalatory/McAfee_Software_Removal.html
Use this program.
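
Added example, not part of the thread or of OTL: a triage helper that reads "IE - ..." lines in the format of the fix script above, percent-decodes the URL host (several entries write the host as %66%65%65%64...), and groups registry locations by decoded host. The function name, regex and shortened sample lines are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Constructed sample: lines in the format of the fix script above, with the
# long tracking parameters dropped from the URLs.
SAMPLE = r'''
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&from=face
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes\ielnksrch: "URL" = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=x&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
O4 - HKLM..\Run: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot File not found
'''

# "IE - <registry location> = <data>", with an optional ":64bit:" marker.
LINE = re.compile(r'^IE(?::64bit:)? - (?P<where>.+?) = (?P<data>\S.*)$')


def hosts_by_location(script_text):
    """Map decoded host -> {"encoded": bool, "where": [registry locations]}."""
    found = defaultdict(lambda: {"encoded": False, "where": []})
    for line in script_text.splitlines():
        m = LINE.match(line.strip())
        if not m or not m["data"].lower().startswith(("http://", "https://")):
            continue  # not an IE line, or data is about:blank, a GUID or a path
        raw_host = urlsplit(m["data"]).netloc
        host = unquote(raw_host).lower()  # %66%65%65%64 -> feed
        entry = found[host]
        # A percent-encoded host hides the domain from a quick visual scan.
        entry["encoded"] |= "%" in raw_host
        entry["where"].append(m["where"])
    return dict(found)


if __name__ == "__main__":
    for host, info in sorted(hosts_by_location(SAMPLE).items()):
        flag = " (host was percent-encoded)" if info["encoded"] else ""
        print(f"{host}{flag}")
        for where in info["where"]:
            print(f"    {where}")
```

The grouping only shows which hosts the browser settings point at; deciding which of them are unwanted remains a manual step.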