Posted 04 07 2013 - 09:31
Hello
When I search for something on Google and click a link, I get redirected to a different site, usually monstermarketplace com. Reinstalling Firefox doesn't help.
I'm attaching the OTL logs.
Posted 04 07 2013 - 11:20
:OTL
O4 - HKLM..\Run: [] File not found
:Files
C:\Documents and Settings\user\windowsupdate.exe
C:\Documents and Settings\user\notepad.exe
C:\Documents and Settings\user\msconfig.exe
C:\Documents and Settings\user\flashplayer.exe
C:\Documents and Settings\user\chrome.exe
C:\Documents and Settings\user\icq.exe
C:\Documents and Settings\user\csrss.exe
C:\Documents and Settings\user\acrobatreader.exe
C:\Documents and Settings\user\spoolsv.exe
C:\Documents and Settings\user\java.exe
C:\Documents and Settings\user\iexplore.exe
C:\Documents and Settings\user\winlogon.exe
C:\Documents and Settings\user\vlcplayer.exe
C:\Documents and Settings\user\mstsc.exe
C:\Documents and Settings\user\jucheck.exe
C:\Documents and Settings\user\teamviewer.exe
C:\WINDOWS\System32\RTCOMH.dll
:Commands
[emptytemp]
Posted 05 07 2013 - 11:12
I ran OTL with the provided script and then ran a new scan. I'm attaching the results.
TDSSKiller detected this: Rootkit.Win32.BackBoot.gen
Should it be OK now? Or is something still lurking on the computer? The redirects occurred sporadically, so I can't tell right away whether this helped.
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
C:\Documents and Settings\user\windowsupdate.exe moved successfully.
C:\Documents and Settings\user\notepad.exe moved successfully.
C:\Documents and Settings\user\msconfig.exe moved successfully.
C:\Documents and Settings\user\flashplayer.exe moved successfully.
C:\Documents and Settings\user\chrome.exe moved successfully.
C:\Documents and Settings\user\icq.exe moved successfully.
C:\Documents and Settings\user\csrss.exe moved successfully.
C:\Documents and Settings\user\acrobatreader.exe moved successfully.
C:\Documents and Settings\user\spoolsv.exe moved successfully.
C:\Documents and Settings\user\java.exe moved successfully.
C:\Documents and Settings\user\iexplore.exe moved successfully.
C:\Documents and Settings\user\winlogon.exe moved successfully.
C:\Documents and Settings\user\vlcplayer.exe moved successfully.
C:\Documents and Settings\user\mstsc.exe moved successfully.
C:\Documents and Settings\user\jucheck.exe moved successfully.
C:\Documents and Settings\user\teamviewer.exe moved successfully.
C:\WINDOWS\System32\RTCOMH.dll moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 9701469 bytes
->Temporary Internet Files folder emptied: 130043 bytes
->FireFox cache emptied: 13599286 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: user
->Temp folder emptied: 35213253 bytes
->Temporary Internet Files folder emptied: 8061222 bytes
->Java cache emptied: 168777890 bytes
->FireFox cache emptied: 62879171 bytes
->Google Chrome cache emptied: 6908587 bytes
->Flash cache emptied: 2662991 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82065 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 294,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 07052013_105134
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1f4.dat not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
This post was edited by molon1 on 05 07 2013 - 11:15
Posted 05 07 2013 - 12:54
I could use that TDSSKiller log; it's on drive C:\
Attach it.