
krzys6e

Delta Homes - is everything OK now?


Hello. Recently my brother accidentally installed malware on the computer - the virus changed the start page and search engine to delta homes. I dealt with that problem using AdwCleaner, but I don't know whether everything is OK now, because for the last few days the computer has been behaving strangely, i.e. it takes longer to start up, and several programs have appeared that I did not install and cannot remove (e.g. when I click on a .rar archive, instead of WinRAR it shows me some WinZipper).

And here is my question: which programs should I post logs from so that you can help me diagnose the "illness" of my PC?


And here is my question: which programs should I post logs from so that you can help me diagnose the "illness" of my PC?

If you used AdwCleaner, post the log (it should be in c:/adwCleaner). Then download this program and run a full scan; if it detects anything, remove it and post the log.


Uninstall using Revo Uninstaller:


Pando Media Booster
Google Update Helper
WinZipper

Run OTL, paste the following into the Custom Scans/Fixes box and click Run Fix:


:otl
SRV - [2013-08-22 22:35:08 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) [Auto | Running] -- C:\Program Files (x86)\WinZipper\winzipersvc.exe -- (winzipersvc)
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=SAMSUNGXHD103SJ_S246J90B171350&ts=1377203721
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=SAMSUNGXHD103SJ_S246J90B171350&ts=1377203721
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
O4 - HKU\S-1-5-21-3451807615-308679900-850038110-1001..\Run: [SearchProtection] "C:\Users\Rodzina\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3451807615-308679900-850038110-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Rodzina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = File not found
[2013-08-22 22:35:09 | 000,000,000 | ---D | C] -- C:\Users\Rodzina\AppData\Roaming\WinZipper
[2013-08-22 22:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
[2013-08-22 22:35:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZipper
:Commands
[emptytemp]

After the computer restarts, a removal log will be created; paste it here.



All processes killed
========== OTL ==========
Service winzipersvc stopped successfully!
Service winzipersvc deleted successfully!
C:\Program Files (x86)\WinZipper\winzipersvc.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
File C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin\ not found.
File C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
Registry value HKEY_USERS\S-1-5-21-3451807615-308679900-850038110-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3451807615-308679900-850038110-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Rodzina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk moved successfully.
C:\Users\Rodzina\AppData\Roaming\WinZipper folder moved successfully.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper\ not found.
C:\Program Files (x86)\WinZipper\uninstaller folder moved successfully.
C:\Program Files (x86)\WinZipper\style folder moved successfully.
C:\Program Files (x86)\WinZipper\layout\default folder moved successfully.
C:\Program Files (x86)\WinZipper\layout folder moved successfully.
C:\Program Files (x86)\WinZipper\language\zh_tw folder moved successfully.
C:\Program Files (x86)\WinZipper\language\zh_cn folder moved successfully.
C:\Program Files (x86)\WinZipper\language\tr_tr folder moved successfully.
C:\Program Files (x86)\WinZipper\language\pt_br folder moved successfully.
C:\Program Files (x86)\WinZipper\language\es_es folder moved successfully.
C:\Program Files (x86)\WinZipper\language\en_us folder moved successfully.
C:\Program Files (x86)\WinZipper\language folder moved successfully.
C:\Program Files (x86)\WinZipper\image\default folder moved successfully.
C:\Program Files (x86)\WinZipper\image folder moved successfully.
C:\Program Files (x86)\WinZipper folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kuba
->Temp folder emptied: 22474095 bytes
->Temporary Internet Files folder emptied: 8284148 bytes
->Google Chrome cache emptied: 347571526 bytes
->Flash cache emptied: 689 bytes

User: Public

User: Rodzina
->Temp folder emptied: 489792972 bytes
->Temporary Internet Files folder emptied: 183715080 bytes
->Google Chrome cache emptied: 355439225 bytes
->Flash cache emptied: 42165 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 189257453 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42289099 bytes
RecycleBin emptied: 523826874 bytes

Total Files Cleaned = 2 063,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08262013_232019
Files\Folders moved on Reboot...
C:\Users\Rodzina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\_avast_\Webshlock.txt not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...


Run OTL, paste the following into the Custom Scans/Fixes box and click Run Fix:


:OTL
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=SAMSUNGXHD103SJ_S246J90B171350&ts=1377203721
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=SAMSUNGXHD103SJ_S246J90B171350&ts=1377203721
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
[2013-08-24 09:35:40 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\WinZipper
:Commands
[emptytemp]

Post the removal log. Then run OTL and use the CleanUp option. In AdwCleaner, use the Uninstall option.


Sorry for only getting to this now. Here is the log from running the script:


All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
C:\Users\Kuba\AppData\Roaming\WinZipper\icons folder moved successfully.
C:\Users\Kuba\AppData\Roaming\WinZipper folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: hedev
->Temp folder emptied: 43164427 bytes

User: Kuba
->Temp folder emptied: 515429 bytes
->Temporary Internet Files folder emptied: 4161584 bytes
->Google Chrome cache emptied: 354590363 bytes
->Flash cache emptied: 3182 bytes

User: Public

User: Rodzina
->Temp folder emptied: 1698584 bytes
->Temporary Internet Files folder emptied: 3402510 bytes
->Google Chrome cache emptied: 382949786 bytes
->Flash cache emptied: 725 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19170145 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 45154899 bytes

Total Files Cleaned = 815,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09072013_205945
Files\Folders moved on Reboot...
C:\Users\Rodzina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\_avast_\Webshlock.txt not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
