Chwytaj, mistrzu 
Wyświetl
Moje logi OTL
- Wklej poniższy skrypt do pola Custom Scans/Fixes i kliknij Run Fix:
Kod:
:OTL
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-839522115-813497703-1801674531-1001..\Run: [wsctf.exe] File not found
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - File not found
O32 - AutoRun File - [2009-04-29 21:37:30 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-05-01 11:53:20 | 00,014,063 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]
:Files
C:\WINDOWS\dog4.scr
C:\WINDOWS\dog4 dir
C:\WINDOWS\dog3.scr
C:\WINDOWS\dog3 dir
C:\WINDOWS\dog2.scr
C:\WINDOWS\dog2 dir
C:\WINDOWS\dog1.scr
C:\WINDOWS\dog1 dir
C:\Documents and Settings\---\Dane aplikacji\Download Manager
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JavaQuickStarterService]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cisvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysMonLog]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UMWdf]
"Start"=dword:00000004
:Commands
[emptytemp]
[start explorer]
[Reboot]
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-839522115-813497703-1801674531-1001..\Run: [wsctf.exe] File not found
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - File not found
O32 - AutoRun File - [2009-04-29 21:37:30 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-05-01 11:53:20 | 00,014,063 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]
:Files
C:\WINDOWS\dog4.scr
C:\WINDOWS\dog4 dir
C:\WINDOWS\dog3.scr
C:\WINDOWS\dog3 dir
C:\WINDOWS\dog2.scr
C:\WINDOWS\dog2 dir
C:\WINDOWS\dog1.scr
C:\WINDOWS\dog1 dir
C:\Documents and Settings\---\Dane aplikacji\Download Manager
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JavaQuickStarterService]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cisvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysMonLog]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UMWdf]
"Start"=dword:00000004
:Commands
[emptytemp]
[start explorer]
[Reboot]
- Po restarcie pojawi się log z czyszczenia. Umieść go tutaj w tagach CODE.
- Ściągnij Malwarebytes' Anti-Malware i zrób szybki skan. Po usunięciu zagrożeń umieść log w tagach CODE.
- Ściągnij StartUpLite i wyłącz wszystkie podane na liście autostarty (przełączając wszędzie na Disable i klikając Continue).
Użytkownik Roku 2011 i 2012
1511
Kod:
All processes killed
========== OTL ==========
No active process named Explorer.EXE was found!
Registry value HKEY_USERS\S-1-5-21-839522115-813497703-1801674531-1001\Software\Microsoft\Windows\CurrentVersion\Run\\wsctf.exe deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path\ deleted successfully.
C:\AUTOEXEC.BAT moved successfully.
C:\AutoMapaSetupLog.txt moved successfully.
File KEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] not found.
File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JavaQuickStarterService] not found.
File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc] not found.
File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cisvc] not found.
File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysMonLog] not found.
File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time] not found.
File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc] not found.
File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UMWdf] not found.
File ptytemp] not found.
File art explorer] not found.
File boot] not found.
OTL by OldTimer - Version 3.0.10.7 log created on 08242009_122851
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
========== OTL ==========
No active process named Explorer.EXE was found!
Registry value HKEY_USERS\S-1-5-21-839522115-813497703-1801674531-1001\Software\Microsoft\Windows\CurrentVersion\Run\\wsctf.exe deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path\ deleted successfully.
C:\AUTOEXEC.BAT moved successfully.
C:\AutoMapaSetupLog.txt moved successfully.
File KEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] not found.
File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JavaQuickStarterService] not found.
File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc] not found.
File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cisvc] not found.
File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysMonLog] not found.
File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time] not found.
File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc] not found.
File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UMWdf] not found.
File ptytemp] not found.
File art explorer] not found.
File boot] not found.
OTL by OldTimer - Version 3.0.10.7 log created on 08242009_122851
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Kod:
Malwarebytes' Anti-Malware 1.40
Wersja bazy definicji: 2687
Windows 5.1.2600 Dodatek Service Pack 3
2009-08-25 11:59:52
mbam-log-2009-08-25 (11-59-50).txt
Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)
Przeskanowane obiekty: 183698
Upłynęło: 27 minute(s), 52 second(s)
Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 1
Zainfekowane foldery: 0
Zainfekowane pliki: 0
Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)
Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)
Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)
Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)
Zainfekowane pliki rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.
Zainfekowane foldery:
(Nie wykryto groźnych plików)
Zainfekowane pliki:
(Nie wykryto groźnych plików)
Wersja bazy definicji: 2687
Windows 5.1.2600 Dodatek Service Pack 3
2009-08-25 11:59:52
mbam-log-2009-08-25 (11-59-50).txt
Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)
Przeskanowane obiekty: 183698
Upłynęło: 27 minute(s), 52 second(s)
Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 1
Zainfekowane foldery: 0
Zainfekowane pliki: 0
Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)
Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)
Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)
Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)
Zainfekowane pliki rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.
Zainfekowane foldery:
(Nie wykryto groźnych plików)
Zainfekowane pliki:
(Nie wykryto groźnych plików)
Skrypt jakby się nie wykonał. Skopiuj zawartość poniższego skryptu, wklej do Custom Scans/Fixes w OTL i kliknij na Run Fix.
:OTL
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
:Files
C:\WINDOWS\dog4.scr
C:\WINDOWS\dog4 dir
C:\WINDOWS\dog3.scr
C:\WINDOWS\dog3 dir
C:\WINDOWS\dog2.scr
C:\WINDOWS\dog2 dir
C:\WINDOWS\dog1.scr
C:\WINDOWS\dog1 dir
C:\Documents and Settings\---\Dane aplikacji\Download Manager
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JavaQuickStarterService]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cisvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysMonLog]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UMWdf]
"Start"=dword:00000004
:Commands
[emptytemp]
[start explorer]
:OTL
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
:Files
C:\WINDOWS\dog4.scr
C:\WINDOWS\dog4 dir
C:\WINDOWS\dog3.scr
C:\WINDOWS\dog3 dir
C:\WINDOWS\dog2.scr
C:\WINDOWS\dog2 dir
C:\WINDOWS\dog1.scr
C:\WINDOWS\dog1 dir
C:\Documents and Settings\---\Dane aplikacji\Download Manager
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JavaQuickStarterService]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cisvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysMonLog]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UMWdf]
"Start"=dword:00000004
:Commands
[emptytemp]
[start explorer]