Uninstall -> SweetIM, SweetPacks Toolbar, Anti-phishing Domain Advisor (rather unnecessary), Babylon toolbar, Spam Free Search Bar (junk), SearchYa Toolbar and UsbFix.
Then run OTL -> in the Custom Scans/Fixes box paste:
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Video3D)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=4cabf90e000000000000000feafc2c95&tlver=1.4.19.19&affID=16553
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={8A228651-656B-11E1-8259-000FEAFC2C95}
IE - HKU\S-1-5-21-57989841-854245398-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-57989841-854245398-682003330-1003\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-57989841-854245398-682003330-1003\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-57989841-854245398-682003330-1003\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-57989841-854245398-682003330-1003\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=4cabf90e000000000000000feafc2c95&tlver=1.4.19.19&affID=16553
IE - HKU\S-1-5-21-57989841-854245398-682003330-1003\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.google.pl/cse?q={searchTerms}&cx=partner-pub-2489206448026482%3A4041638047&tbm=&ie=UTF-8#gsc.tab=0&gsc.q={searchTerms}
IE - HKU\S-1-5-21-57989841-854245398-682003330-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp=rbox&q={searchTerms}
IE - HKU\S-1-5-21-57989841-854245398-682003330-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={8A228651-656B-11E1-8259-000FEAFC2C95}
IE - HKU\S-1-5-21-57989841-854245398-682003330-1003\..\SearchScopes\{F3ACC164-4BED-4A82-A9D8-573D4F5B76E3}: "URL" = http://searchya.com/?chnl=ft-100&s=1&cr=1888343166&cd=2XzutAtN2Y1L1QzutDtDtD0F0E0A0F0CtB0CzyyD0B0FzytD0EtN0D0TzutBtDtCtBtDtBtDzz&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "http://searchya.com"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "SearchYa!"
[2012-02-04 18:01:14 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Documents and Settings\Zimu\Dane aplikacji\Mozilla\Firefox\Profiles\9624w0v3.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
[2012-02-04 18:01:21 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Zimu\Dane aplikacji\Mozilla\Firefox\Profiles\9624w0v3.default\extensions\ffxtlbr@babylon.com
[2012-02-08 22:40:41 | 000,000,000 | ---D | M] (searchya.com) -- C:\Documents and Settings\Zimu\Dane aplikacji\Mozilla\Firefox\Profiles\9624w0v3.default\extensions\ffxtlbr@searchya.com
[2012-02-03 22:21:03 | 000,000,000 | ---D | M] (Iplex to ALLPlayer) -- C:\Documents and Settings\Zimu\Dane aplikacji\Mozilla\Firefox\Profiles\9624w0v3.default\extensions\IplextoALL@ALLPlayer.org
[2012-02-08 22:35:59 | 000,001,497 | ---- | M] () -- C:\Documents and Settings\Zimu\Dane aplikacji\Mozilla\Firefox\Profiles\9624w0v3.default\searchplugins\searchya.xml
[2012-03-03 21:00:54 | 000,003,974 | ---- | M] () -- C:\Documents and Settings\Zimu\Dane aplikacji\Mozilla\Firefox\Profiles\9624w0v3.default\searchplugins\sweetim.xml
[2012-02-04 18:01:22 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011-12-16 22:14:50 | 000,002,067 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
[2012-02-03 22:49:35 | 000,002,415 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
CHR - Extension: Chrome Updater = C:\Documents and Settings\Zimu\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\deoijihiiolhlopbdlcphkfdobmkfkap\1.1_0\
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\Zimu\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\Zimu\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Chrome Updater = C:\Documents and Settings\Zimu\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\deoijihiiolhlopbdlcphkfdobmkfkap\1.1_0\
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\Zimu\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\Zimu\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
@Alternate Data Stream - 242 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BE50C2B
:Files
C:\WINDOWS\ERDNT
C:\ComboFix
C:\Qoobox
C:\UsbFix
C:\UsbFix_Upload_Me_ZIMU-1AB0E1A1CF.zip
C:\Documents and Settings\All Users\Dane aplikacji\SweetIM
C:\Documents and Settings\All Users\Dane aplikacji\TEMP
C:\Documents and Settings\Zimu\Dane aplikacji\BabylonToolbar
C:\UsbFix.txt
RECYCLER /alldrives
C:\System Volume Information\_restore{10328D35-174C-46C9-9763-44D45F69C597}
:Reg
[HKEY_USERS\S-1-5-21-57989841-854245398-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
:Commands
[clearallrestorepoints]
[emptytemp]
Click Run Fix. Post the log from the removal. Then post new OTL logs.