Elektroda.pl

OTL/EXTRAS Please check, probably a virus

15 Dec 2012 10:25 1341 5
  • Computer specialist
    Uninstall DealPly, McAfee Security Scan Plus, V9 Homepage Uninstaller. Use AdwCleaner http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner with the Delete function (on Vista/Windows 7, run it via right-click as Administrator).
    Run OTL and paste the following into the box (Custom scan options/Script):

    Quote:
    :OTL
    O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
    O4 - HKLM..\Run: [TaskTray] File not found
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
    O4 - HKU\S-1-5-21-647423088-3887760420-1206326084-1000..\Run: [EPSON Stylus SX400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGE.EXE /FU "C:\Windows\TEMP\E_SF778.tmp" /EF "HKCU" File not found
    O4 - HKU\S-1-5-21-647423088-3887760420-1206326084-1000..\Run: [StartNow Search Protect] "C:\Program Files (x86)\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT File not found
    O4 - HKU\S-1-5-21-647423088-3887760420-1206326084-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

    :Commands
    [emptytemp]


    Click Run script. Confirm the computer restart. Save the report that appears after the restart. Then run OTL again, and this time click (Scan).
    Show the new OTL.txt log and the removal report.
  • Computer specialist
    Did you use AdwCleaner, the Delete option? Don't download from IDG or similar sites, only from the program authors' sites or from direct links to the file.

    Download it from here: http://general-changelog-team.fr/en/tools/15-adwcleaner

    Uninstall:
    Google Toolbar

    Java needs updating -> www.java.com

    Use: http://jpshortstuff.247fixes.com/SystemLook.html with the script:

    :filefind
    explorer.exe
    userinit.exe

    After it has run, post the log.

    Run this script in OTL:

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=v9...m=v9tb&uid=5RA9ZV83_ST3160815AS&ts=1355565198
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=33953&home=true&tid=2958
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=v9...m=v9tb&uid=5RA9ZV83_ST3160815AS&ts=1355565198
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.v9.com/web/?q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q=
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q=
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.v9.com/web/?q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=33953&home=true&tid=2958
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=33953&home=true&tid=2958
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.certified-toolbar.com?si=33953&bs=true&tid=2958&q={searchTerms}
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={FDEACC6A-061A-4A7F-B8E5-F4821AB70C60}
    IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=v9...m=v9tb&uid=5RA9ZV83_ST3160815AS&ts=1355565198
    IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=33953&home=true&tid=2958
    IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=v9...m=v9tb&uid=5RA9ZV83_ST3160815AS&ts=1355565198
    IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q=
    IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q=
    IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=33953&home=true&tid=2958
    IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=33953&home=true&tid=2958
    IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - No CLSID value found
    IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch
    IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.funmoods.com/?a=ironto&s={searchTerms}&f=4
    IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110811&tt=210512_53&babsrc=SP_def&mntrId=4cba2cfa000000000000002719bc20a8
    IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=CPUID&o=14654&
    IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\..\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}: "URL" = http://search.startnow.com/s/?q={searchTerms}
    IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={FDEACC6A-061A-4A7F-B8E5-F4821AB70C60}
    FF - prefs.js..browser.search.defaultengine: "Web Search"
    FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.1.9
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2481033&SearchSource=2&q="
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2481033&SearchSource=2&q="
    FF - prefs.js..browser.search.defaultenginename: "v9"
    FF - prefs.js..browser.search.order.1: "v9"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.search.selectedEngine: "v9"
    FF - prefs.js..browser.startup.homepage: "http://www.v9.com/?utm_source=b&utm_medium=v9tb&from=v9tb&uid=5RA9ZV83_ST3160815AS&ts=1355565198"
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\banan\AppData\Local\RewardsArcade\498\Firefox
    [2012-03-25 20:42:59 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\banan\AppData\Roaming\mozilla\Firefox\Profiles\v9mljk2y.default\extensions\ffxtlbr@babylon.com
    [2012-03-25 20:22:04 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\banan\AppData\Roaming\mozilla\Firefox\Profiles\v9mljk2y.default\extensions\ffxtlbr@funmoods.com
    [2011-11-17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\banan\AppData\Roaming\mozilla\firefox\profiles\v9mljk2y.default\searchplugins\askcom.xml
    [2012-11-08 16:06:04 | 000,000,915 | ---- | M] () -- C:\Users\banan\AppData\Roaming\mozilla\firefox\profiles\v9mljk2y.default\searchplugins\conduit.xml
    [2012-03-25 20:22:01 | 000,001,800 | ---- | M] () -- C:\Users\banan\AppData\Roaming\mozilla\firefox\profiles\v9mljk2y.default\searchplugins\funmoods.xml
    [2012-09-25 10:09:30 | 000,002,356 | ---- | M] () -- C:\Users\banan\AppData\Roaming\mozilla\firefox\profiles\v9mljk2y.default\searchplugins\startnow.xml
    [2012-03-25 21:23:38 | 000,004,089 | ---- | M] () -- C:\Users\banan\AppData\Roaming\mozilla\firefox\profiles\v9mljk2y.default\searchplugins\sweetim.xml
    [2012-11-19 15:12:21 | 000,003,269 | ---- | M] () -- C:\Users\banan\AppData\Roaming\mozilla\firefox\profiles\v9mljk2y.default\searchplugins\Web Search.xml
    [2011-11-22 20:00:31 | 000,001,390 | ---- | M] () -- C:\Users\banan\AppData\Roaming\mozilla\firefox\profiles\v9mljk2y.default\searchplugins\yahoo-zugo.xml
    [2012-05-21 14:49:21 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012-12-15 10:53:18 | 000,000,402 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml
    [2012-11-19 15:12:21 | 000,003,269 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
    O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
    O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
    O20 - HKU\S-1-5-21-647423088-3887760420-1206326084-1000 Winlogon: Shell - (C:\Users\banan\AppData\Roaming\skype.dat) - C:\Users\banan\AppData\Roaming\skype.dat ()
    [2012-12-15 11:16:10 | 002,126,960 | ---- | C] () -- C:\Users\banan\Desktop\adwcleaner_idg_downloader_56751_pc.exe
    [2011-12-05 17:13:14 | 000,000,000 | ---D | M] -- C:\Users\banan\AppData\Roaming\Babylon

    After it has run, post a new scan log.
  • Computer specialist
    What do you consider done? I don't see that you posted the SystemLook log I asked for.

    On top of that, you still haven't used AdwCleaner.

    Remove these extensions from Chrome:
    CHR - Extension: RewardsArcade
    CHR - Extension: AutocompletePro plugin for chrome
    CHR - Extension: DealPly
    CHR - Extension: AVG Safe Search
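
An added example, not part of any post in this thread and not OTL's own code: a small Python triage of the kinds of lines that appear in the fix scripts above, separating autostart entries whose target is missing, a per-user Winlogon Shell value that points somewhere other than explorer.exe, and browser settings that carry a URL. The line patterns are inferred only from the lines quoted in this thread, and the function and category names are made up for the illustration.

```python
import re
from urllib.parse import urlsplit

# Sample input: lines copied from the fix scripts quoted in this thread.
SAMPLE = r"""
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKU\S-1-5-21-647423088-3887760420-1206326084-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.v9.com/web/?q={searchTerms}
FF - prefs.js..browser.search.selectedEngine: "v9"
O20 - HKU\S-1-5-21-647423088-3887760420-1206326084-1000 Winlogon: Shell - (C:\Users\banan\AppData\Roaming\skype.dat) - C:\Users\banan\AppData\Roaming\skype.dat ()
"""

# Patterns inferred from the lines above (an assumption, not an OTL format spec).
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$")
SHELL_RE = re.compile(r"^O20 - (?P<hive>HK\S+) Winlogon: Shell - \((?P<path>[^)]*)\)")
URL_RE = re.compile(r'^(?:IE|FF) - .*?[=:]\s*"?(?P<url>https?://[^\s"]+)')


def triage(line):
    """Return (category, detail) for one log line, or None if not recognised."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        # A Run value whose target no longer exists is a leftover autostart entry.
        missing = m["rest"].endswith("File not found")
        return ("run-orphaned" if missing else "run-present", m["name"])
    m = SHELL_RE.match(line)
    if m:
        # The Windows default shell is explorer.exe; anything else deserves a look.
        path = m["path"].lower()
        is_default = path == "explorer.exe" or path.endswith("\\explorer.exe")
        return ("shell-default" if is_default else "shell-override", m["path"])
    m = URL_RE.match(line)
    if m:
        # Keep only the host so repeated settings for one provider group together.
        return ("browser-url", urlsplit(m["url"]).hostname)
    return None


def summarize(text):
    """Group recognised lines by category, preserving input order."""
    out = {}
    for line in text.splitlines():
        result = triage(line)
        if result:
            out.setdefault(result[0], []).append(result[1])
    return out
```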