FRST, OTL. Sprawdzenie logów.

bedefix · 17 Maja 2014

Mógł by ktoś sprawdzić moje logi z FRST i OTL? Ja się na tym kompletnie nie znam, a chce mieć pewność że nie mam jakiegoś syfu na kompie.

logi:

FRST:

http://wklej.org/id/1363842/
http://wklej.org/id/1363844/
http://wklej.org/id/1363848/

OTL:

http://wklej.org/id/1363850/

Extras:

http://wklej.org/id/1363853/

Janusz. · 17 Maja 2014

1. Odinstaluj Bonanza Deals, SupTab, BitTorrent, SaveSense, Ask Toolbar, dosearches Browser Protecter

2. W własne opcje skanowania wklej:

:OTL
SRV - [2014-03-26 23:06:53 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2014-02-08 22:17:20 | 000,146,920 | ---- | M] (SaveSense) [On_Demand | Stopped] -- C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe -- (savesenselivem)
SRV - [2014-02-08 22:17:20 | 000,146,920 | ---- | M] (SaveSense) [Auto | Stopped] -- C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe -- (savesenselive)
SRV - [2013-10-27 18:05:48 | 000,148,976 | ---- | M] (BonanzaDeals) [On_Demand | Stopped] -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslivem)
SRV - [2013-10-27 18:05:48 | 000,148,976 | ---- | M] (BonanzaDeals) [Auto | Stopped] -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslive)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1391890627&from=cor&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S517817878178'>http://www.sweet-page.com/?type=hp&ts=1391890627&from=cor&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S517817878178
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1391890627&from=cor&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S517817878178&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1391890627&from=cor&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S517817878178&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1391890627&from=cor&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S517817878178'>http://www.sweet-page.com/?type=hp&ts=1391890627&from=cor&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S517817878178
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.sweet-page.com/web/?type=ds&ts=1391890627&from=cor&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S517817878178&q={searchTerms}
IE - HKLM\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://go.speedbit.com/search.aspx?s=E4Fb&q={searchTerms}
IE - HKU\S-1-5-21-1542090897-2049847737-4097869356-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1391890627&from=cor&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S517817878178'>http://www.sweet-page.com/?type=hp&ts=1391890627&from=cor&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S517817878178
IE - HKU\S-1-5-21-1542090897-2049847737-4097869356-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S517817878178&ts=1393435626&type=default&q={searchTerms}
IE - HKU\S-1-5-21-1542090897-2049847737-4097869356-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S517817878178&ts=1393435626&type=default&q={searchTerms}
IE - HKU\S-1-5-21-1542090897-2049847737-4097869356-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.sweet-page.com/?type=hp [Binary data over 200 bytes]
IE - HKU\S-1-5-21-1542090897-2049847737-4097869356-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.speedbit.com/?s=E4Fb
IE - HKU\S-1-5-21-1542090897-2049847737-4097869356-1000\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://go.speedbit.com/search.aspx?s=E4Fb&q={searchTerms}
IE - HKU\S-1-5-21-1542090897-2049847737-4097869356-1000\..\SearchScopes\7B7325D100314C1C8D4D07A2E43BE495: "URL" = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S517817878178&ts=1393435626&type=default&q={searchTerms}
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Ściągaj z Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O13 - gopher Prefix: missing
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:05EE1EEF

:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2]

:Files
C:\Users\BARTEK\AppData\Roaming\newnext.me
C:\Users\BARTEK\AppData\Roaming\SaveSense
C:\Users\BARTEK\AppData\Roaming\SupTab

:Commands
[emptytemp]

Wykonaj skrypt, zatwierdź restart

3. Dostarcz fix log (utworzy się po restarcie komputera) oraz nowy log OTL bez pliku Extras.txt (Odznacz opcje "Rejestr - skan dodatkowy")

Zaloguj się

👋 Witaj na MPCForum!

FRST, OTL. Sprawdzenie logów.

Pytanie

bedefix

bedefix

1 odpowiedź na to pytanie

Rekomendowane odpowiedzi

Janusz.

Janusz.

Zarchiwizowany