OTL logs
#1
Posted 08 12 2012 - 15:45
#2
Posted 08 12 2012 - 16:00
Run OTL and paste the following into the Custom Scans/Fixes box:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
IE - HKU\S-1-5-21-329068152-527237240-1417001333-500\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=e0b71545000000000000001d7d97fc9a
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?barid={D04E8403-FDB0-4A98-B487-114455336196}&src=2&crg=3.1010000&q="
O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe File not found
:Files
C:\WINDOWS\SWREG.exe
C:\WINDOWS\SWSC.exe
C:\WINDOWS\SWXCACLS.exe
C:\ComboFix
C:\Qoobox
C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\runctf.lnk
C:\WINDOWS\PEV.exe
C:\WINDOWS\MBR.exe
C:\WINDOWS\sed.exe
C:\WINDOWS\grep.exe
C:\WINDOWS\zip.exe
:Commands
[emptytemp]
Click Run Fix and post the removal log.
Then:
- In OTL click "CleanUp"
- Run cmd.exe and enter the command sfc /scannow
- Do you have anything suspicious in the bottom right corner?
This post was edited by pawel315 on 08 12 2012 - 16:01
#3
Posted 08 12 2012 - 16:12
All processes killed
========== OTL ==========
Service CFcatchme stopped successfully!
Service CFcatchme deleted successfully!
File C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\CFcatchme.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Registry key HKEY_USERS\S-1-5-21-329068152-527237240-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: toolbar@ask.com:3.11.3.15590 removed from extensions.enabledItems
Prefs.js: "http://search.sweetim.com/search.asp?barid={D04E8403-FDB0-4A98-B487-114455336196}&src=2&crg=3.1010000&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WOOTASKBARICON deleted successfully.
========== FILES ==========
C:\WINDOWS\SWREG.exe moved successfully.
C:\WINDOWS\SWSC.exe moved successfully.
C:\WINDOWS\SWXCACLS.exe moved successfully.
C:\ComboFix folder moved successfully.
C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\Qoobox\Quarantine\D folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Temp folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32 folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Dane aplikacji\TEMP folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Dane aplikacji\97CEFC6B2086154500E197CE1BB32A8A folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Dane aplikacji folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Dane aplikacji\Roryab folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Dane aplikacji\Otedci folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Dane aplikacji folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings folder moved successfully.
C:\Qoobox\Quarantine\C folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
Folder move failed. C:\Qoobox\BackEnv scheduled to be moved on reboot.
C:\Qoobox folder moved successfully.
C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\runctf.lnk moved successfully.
C:\WINDOWS\PEV.exe moved successfully.
C:\WINDOWS\MBR.exe moved successfully.
C:\WINDOWS\sed.exe moved successfully.
C:\WINDOWS\grep.exe moved successfully.
C:\WINDOWS\zip.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 25688686 bytes
->Temporary Internet Files folder emptied: 1937643 bytes
->Java cache emptied: 1764833 bytes
->FireFox cache emptied: 122481677 bytes
->Flash cache emptied: 65666 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 145,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12082012_150331
Files\Folders moved on Reboot...
File\Folder C:\Qoobox\BackEnv not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
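A way to triage a fix log like the one posted above, as an added example (not part of the thread and not OTL's own code): it classifies each line by outcome and reports moves deferred to reboot that the log never confirms. The function names, the outcome labels and the reading of a later "not found" line as confirmation are assumptions; the sample lines are an excerpt of the log above.

```python
import re
from collections import Counter

# Sample input: an excerpt of the fix log posted above, embedded so this runs offline.
SAMPLE_LOG = r"""Service CFcatchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WOOTASKBARICON deleted successfully.
C:\WINDOWS\SWREG.exe moved successfully.
Folder move failed. C:\Qoobox\BackEnv scheduled to be moved on reboot.
C:\Qoobox folder moved successfully.
File\Folder C:\Qoobox\BackEnv not found!
"""

# Outcome labels are this example's own. Order matters: the first matching rule wins.
RULES = [
    ("pending_reboot", re.compile(r"^(?:File|Folder) move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("missing", re.compile(r"^(?:File\\Folder|File|Registry key|Registry value) (?P<target>.+?) not found[.!]$")),
    ("removed", re.compile(r"^(?:Service|Registry key|Registry value) (?P<target>.+?) deleted successfully[.!]$")),
    ("removed", re.compile(r"^(?P<target>.+?)(?: folder)? moved successfully\.$")),
]

def classify(line):
    """Return (outcome, target) for one fix-log line, or ("other", None)."""
    line = line.strip()
    for outcome, pattern in RULES:
        m = pattern.match(line)
        if m:
            return outcome, m.group("target")
    return "other", None

def triage(log_text):
    """Count outcomes and list deferred moves that the log never confirms."""
    counts, pending = Counter(), {}
    for line in log_text.splitlines():
        outcome, target = classify(line)
        counts[outcome] += 1
        if outcome == "pending_reboot":
            pending[target] = False
        elif outcome == "missing" and target in pending:
            # Assumption: a later "not found" means the path is gone after reboot.
            pending[target] = True
    unresolved = [t for t, done in pending.items() if not done]
    return {"counts": counts, "unresolved": unresolved}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Any path left in `unresolved` is one to check by hand after the reboot before running the CleanUp step.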
#4
Posted 08 12 2012 - 16:13
#5
Posted 08 12 2012 - 16:14
#6
Posted 08 12 2012 - 16:16
#7
Posted 08 12 2012 - 16:22
#8
Posted 08 12 2012 - 16:23
#9
Posted 08 12 2012 - 16:26
#10
Posted 08 12 2012 - 16:27
#11
Posted 08 12 2012 - 16:29
ah, ok
oh, but something popped up - a properties window with options, font, layout, colors...
#12
Posted 08 12 2012 - 16:30
In OTL click "CleanUp"
and carry out the final steps ->/Czynnosci-ktore-finalizuja-temat-t52069/
#13
Posted 08 12 2012 - 16:34
#14
Posted 08 12 2012 - 16:48
#15
Posted 08 12 2012 - 17:02