krzychu8989
New
Posts: 1
|
OTL logs - slow system performance
Please check the OTL logs below and, if needed, write a script to remove the malware.
OTL:
http://wklej.to/F2pjQ
Extras:
http://wklej.to/0qnnQ
|
SebaKomp
Junior system user
Posts: 61
|
RE: OTL logs - slow system performance
Scan the computer with Malwarebytes Anti-Malware, Emsisoft Emergency Kit and AdwCleaner. After the scans, post the FRST logs.
Regards,
SebaKomp
|
Illidan
Expert
Posts: 1,024
|
RE: OTL logs - slow system performance
SebaKomp, welcome to this forum as well.
Open "OTL" and paste the following into its "Custom Scans/Fixes" ("Własne opcje skanowania/Skrypt") box:
Quote:
:processes
killallprocesses
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=...XXS3P2XH8T
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=d...archTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=d...archTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerm...;pc=ASU2JS
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.mystartsearch.com/web/?type=d...archTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=...XXS3P2XH8T
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=d...archTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=d...archTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerm...;pc=ASU2JS
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.mystartsearch.com/web/?type=d...archTerms}
IE - HKLM\..\SearchScopes\ielnksrch: "URL" = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuxkYK9BNIFBtjHVba3oZzKtYuqiRYQu7SNjtbd9RsQAGPJbgH8UYCEiPCedqH9hN9SCrnsWI7RXyneELk-cxQRzFpMaouX-1uORP_NrIu9hYS3nTNIVWJkkJBF3thzsMImlvdUbj8cff_UygKbZoCWdopQ,,&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuxkYK9BNIFBtjHVba3oZzKtYuqiRYQu7SNjtbd9RsQAGPJbgH8UYCEiPCedqH9hN9SCrnsWI7RXyneELk-cxQRzFpMaouX-1uORP_NrIu9hYS3nTNIVWJkkJBF3thzsMImlvdUbj8cff_UygKbZoCWdopQ,,&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuxkYK9BNIFBtjHVba3oZzKtYuqiRYQu7SNjtbd9RsQAGPJbgH8UYCEiPCedqH9hN9SCrnsWI7RXyneELk-cxQRzFpMaouX-1uORP_NrIu9hYS3nTNIVWJkkJBF3thzsMImlvdUbj8cff_UygKbZoCWdopQ,,&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuxkYK9BNIFBtjHVba3oZzKtYuqiRYQu7SNjtbd9RsQAGPJbgH8UYCEiPCedqH9hN9SCrnsWI7RXyneELk-cxQRzFpMaouX-1uORP_NrIu9hYS3nTNIVWJkkJBF3thzsMImlvdUbj8cff_UygKbZoCWdopQ,,&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1001\..\SearchScopes,DefaultScope = {ielnksrch}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1001\..\SearchScopes\{ielnksrch}: "URL" = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuxkYK9BNIFBtjHVba3oZzKtYuqiRYQu7SNjtbd9RsQAGPJbgH8UYCEiPCedqH9hN9SCrnsWI7RXyneELk-cxQRzFpMaouX-1uORP_NrIu9hYS3nTNIVWJkkJBF3thzsMImlvdUbj8cff_UygKbZoCWdopQ,,&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=...XXS3P2XH8T
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuxkYK9BNIFBtjHVba3oZzKtYuqiRYQu7SNjtbd9RsQAGPJbgH8UYCEiPCedqH9hN9SCrnsWI7RXyneELk-cxQRzFpMaouX-1uORP_NrIu9hYS3nTNIVWJkkJBF3thzsMImlvdUbj8cff_UygKbZoCWdopQ,,&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuxkYK9BNIFBtjHVba3oZzKtYuqiRYQu7SNjtbd9RsQAGPJbgH8UYCEiPCedqH9hN9SCrnsWI7RXyneELk-cxQRzFpMaouX-1uORP_NrIu9hYS3nTNIVWJkkJBF3thzsMImlvdUbj8cff_UygKbZoCWdopQ,,&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuxkYK9BNIFBtjHVba3oZzKtYuqiRYQu7SNjtbd9RsQAGPJbgH8UYCEiPCedqH9hN9SCrnsWI7RXyneELk-cxQRzFpMaouX-1uORP_NrIu9hYS3nTNIVWJkkJBF3thzsMImlvdUbj8cff_UygKbZoCWdopQ,,&q={searchTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.mystartsearch.com/web/?utm_so...archTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\..\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}: "URL" = http://www.mystartsearch.com/web/?utm_so...archTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.istartsurf.com/web/?type=dspp...archTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\..\SearchScopes\{96B1AC5F-1AD0-4A1D-84E0-18C06A5A5468}: "URL" = http://www.mystartsearch.com/web/?utm_so...archTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\..\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}: "URL" = http://www.mystartsearch.com/web/?utm_so...archTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\..\SearchScopes\{ielnksrch}: "URL" = http://www.mystartsearch.com/web/?utm_so...archTerms}
IE - HKU\S-1-5-21-1830551616-85745434-2056941307-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\STOPzilla!\sbrc.exe" File not found
O4 - HKLM..\Run: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot File not found
:Files
C:\Program Files (x86)\0B84B780-1438595149-81E3-2E6E-40167E8800D0\knsy6D8F.tmp
C:\Program Files (x86)\0B84B780-1438595149-81E3-2E6E-40167E8800D0\jnsrA494.tmp
C:\Users\paula_000.PAULINA\AppData\Roaming\istartsurf
C:\Users\paula_000.PAULINA\AppData\Local\BrowserHelper
C:\Program Files (x86)\Object Browser
C:\WINDOWS\tasks\945dee8e-cdbf-4566-8737-7ca867199ad7-1-6.job
C:\WINDOWS\tasks\dbdd489c-d928-4f1e-83ee-e633b95b7431-1-6.job
C:\WINDOWS\tasks\dbdd489c-d928-4f1e-83ee-e633b95b7431-5_user.job
C:\WINDOWS\tasks\dbdd489c-d928-4f1e-83ee-e633b95b7431-5.job
C:\WINDOWS\tasks\dbdd489c-d928-4f1e-83ee-e633b95b7431-1-7.job
C:\WINDOWS\tasks\945dee8e-cdbf-4566-8737-7ca867199ad7-1-7.job
C:\WINDOWS\tasks\dbdd489c-d928-4f1e-83ee-e633b95b7431-7.job
C:\Users\paula_000.PAULINA\AppData\Roaming\TFC64OcadRXkXb
C:\Users\paula_000.PAULINA\AppData\Roaming\OkCLWr7OgCyV
:Commands
[emptytemp]
Run the script in the program and post on the forum the cleanup log that you get after the computer restarts.
Then do what my young colleague advises, but not everything at once; first show only the log from the "MBAM" scan:
http://www.malwarebytes.org/mwb-download/
And one more thing: "McAfee" needs to be removed completely:
http://www.instalki.pl/programy/download...moval.html
Use this program.
(This post was last modified: 16.08.2015 13:08 by Illidan.)
16.08.2015 13:03
|
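An added example, not part of the thread or of OTL itself: a small Python triage helper that parses OTL-style "IE - ..." lines, decodes percent-encoded hostnames such as the one in the script above (it decodes to feed.sonic-search.com), and groups the affected registry settings by host. The sample lines are constructed from the format shown in the post; the SIDs and query strings in them are placeholders.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample modelled on the "IE - ..." lines of the fix script in this
# thread; SIDs and query strings are shortened placeholders.
SAMPLE = r"""
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes\ielnksrch: "URL" = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=PLACEHOLDER&q={searchTerms}
IE - HKU\S-1-5-21-0-0-0-1001\..\SearchScopes\{ielnksrch}: "URL" = http://www.mystartsearch.com/web/?q={searchTerms}
IE - HKU\S-1-5-21-0-0-0-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=PLACEHOLDER&q={searchTerms}
IE - HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
"""

# "IE" or "IE:64bit:", then " - <registry key and value name> = <data>"
ENTRY = re.compile(r"^IE(?P<x64>:64bit:)? - (?P<key>.+?) = (?P<data>.*)$")

def parse_entries(text):
    """Return a list of (is_64bit, registry_key, data) for each OTL IE line."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((bool(m["x64"]), m["key"], m["data"].strip()))
    return out

def url_host(data):
    """Return (decoded_host, was_percent_encoded), or None if data is not an http(s) URL."""
    parts = urlsplit(data)
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return None
    raw = parts.netloc.rsplit("@", 1)[-1].split(":", 1)[0]  # drop userinfo and port
    return unquote(raw).lower(), "%" in raw

def summarise(text):
    """Group IE settings by decoded host: host -> {"encoded": bool, "keys": [...]}."""
    hosts = {}
    for _x64, key, data in parse_entries(text):
        found = url_host(data)
        if found is None:
            continue  # about:blank, local files, numeric values
        host, encoded = found
        entry = hosts.setdefault(host, {"encoded": False, "keys": []})
        entry["encoded"] = entry["encoded"] or encoded
        entry["keys"].append(key)
    return hosts

if __name__ == "__main__":
    for host, info in sorted(summarise(SAMPLE).items()):
        flag = "percent-encoded host" if info["encoded"] else "plain host"
        print(f"{host:28} {flag:22} {len(info['keys'])} setting(s)")
```

The helper gives no verdict on any host; it only makes the encoded entries readable so they can be compared against the start page and search provider the user actually chose.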