Computer cleaning

Post by bulterier47, 24 Nov 2012, 19:51

Hello, this time I wanted to check whether my computer has any hidden problems. I am attaching the logs.
Attachments: OTL.Txt (81.79 KiB), Extras.Txt (54.29 KiB)

Post by wojtas, 25 Nov 2012, 18:04

Uninstall:
DealPly

Run OTL and paste the following into the custom scan options / script section:
:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031817
IE - HKU\S-1-5-21-2397394961-259028453-3985729963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120919&user_guid=21758B03D06F4122B60D367CB391BFF4&machine_id=ec953356d06bc52380b431152ff6799f&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}
IE - HKU\S-1-5-21-2397394961-259028453-3985729963-1000\..\SearchScopes,DefaultScope = {ABD93EAF-D775-BC54-E63B-2804F22FD156}
IE - HKU\S-1-5-21-2397394961-259028453-3985729963-1000\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.3.0&install_country=PL&install_date=20110901&user_guid=21758B03D06F4122B60D367CB391BFF4&machine_id=ec953356d06bc52380b431152ff6799f&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}
IE - HKU\S-1-5-21-2397394961-259028453-3985729963-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=050412_30b&babsrc=SP_ss&mntrId=223b6fd2000000000000485d6050bbab
IE - HKU\S-1-5-21-2397394961-259028453-3985729963-1000\..\SearchScopes\{5CD89D9C-F485-4B01-954C-E519236126D6}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BLPV5&o=13157&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=S3&apn_dtid=YYYYYYYYPL&apn_uid=8b742651-5c66-40c8-bb67-cfc4787948ba&apn_sauid=98813D85-7A29-4911-BA0F-CD530C125C29
IE - HKU\S-1-5-21-2397394961-259028453-3985729963-1000\..\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}: "URL" = http://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120919&user_guid=21758B03D06F4122B60D367CB391BFF4&machine_id=ec953356d06bc52380b431152ff6799f&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - prefs.js..browser.startup.homepage: "http://klit.startnow.com/?src=startpage&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.3.0&install_country=PL&install_date=20110901&user_guid=21758B03D06F4122B60D367CB391BFF4&machine_id=ec953356d06bc52380b431152ff6799f&browser=FF&os=win&os_version=6.1-x64-SP0"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
[2012-02-26 18:00:08 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2012-08-21 18:32:38 | 000,000,000 | ---D | M] (SFT_Polska Community Toolbar) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}
[2012-08-27 19:41:52 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012-02-26 18:00:03 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012-02-26 17:59:42 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\ffxtlbr@babylon.com
[2012-04-17 23:39:24 | 000,000,935 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\0p6ythlz.default\searchplugins\conduit.xml
[2012-09-19 18:19:56 | 000,002,356 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\0p6ythlz.default\searchplugins\startnow.xml
[2011-09-28 19:28:10 | 000,003,915 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\0p6ythlz.default\searchplugins\SweetIM Search.xml
[2011-09-28 19:28:00 | 000,003,915 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\0p6ythlz.default\searchplugins\sweetim.xml
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B4227B4

:Commands
[emptytemp]


Click run script and confirm the computer restart.

Use AdwCleaner and click Delete in it (on Vista/Windows 7, run it via right-click as Administrator).
Show the report from it.

Then run OTL with the scan option. Post the new OTL.txt log and the cleanup report (the contents of the Notepad window that opened after the restart).

Post by bulterier47, 25 Nov 2012, 19:14

Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-2397394961-259028453-3985729963-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-2397394961-259028453-3985729963-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2397394961-259028453-3985729963-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0388404D-6072-4CEB-B521-8F090FEAEE57}\ not found.
Registry key HKEY_USERS\S-1-5-21-2397394961-259028453-3985729963-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2397394961-259028453-3985729963-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5CD89D9C-F485-4B01-954C-E519236126D6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CD89D9C-F485-4B01-954C-E519236126D6}\ not found.
Registry key HKEY_USERS\S-1-5-21-2397394961-259028453-3985729963-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABD93EAF-D775-BC54-E63B-2804F22FD156}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "uTorrentControl2 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=" removed from keyword.URL
Prefs.js: "http://klit.startnow.com/?src=startpage&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.3.0&install_country=PL&install_date=20110901&user_guid=21758B03D06F4122B60D367CB391BFF4&machine_id=ec953356d06bc52380b431152ff6799f&browser=FF&os=win&os_version=6.1-x64-SP0" removed from browser.startup.homepage
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\defaults\preferences folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\defaults folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\chrome\content folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\chrome folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516} folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}\searchplugin folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}\Plugins folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}\modules folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}\META-INF folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}\defaults folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}\components folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}\chrome folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b} folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
Folder C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\ not found.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\0p6ythlz.default\searchplugins\conduit.xml moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\0p6ythlz.default\searchplugins\startnow.xml moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\0p6ythlz.default\searchplugins\SweetIM Search.xml moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\0p6ythlz.default\searchplugins\sweetim.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&ksportuj do programu Microsoft Excel\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search the Web\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&ksportuj do programu Microsoft Excel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search the Web\ not found.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
->Temp folder emptied: 305798 bytes
->Temporary Internet Files folder emptied: 557190 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 80111387 bytes
->Google Chrome cache emptied: 7716829 bytes
->Flash cache emptied: 991 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3085142 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028571 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 122,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11252012_175827

Files\Folders moved on Reboot...
C:\Users\admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Attachments: AdwCleaner[S1].txt (24.76 KiB)
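
Added example, not part of the original thread and not code from OTL: a small Python parser that classifies the lines of a fix report like the one posted above by outcome, so that entries reported as not found or in an unrecognised form can be reviewed before the follow-up scan. The sample lines are copied from the report above; the outcome labels and function names are assumptions of this example.

```python
import re
from collections import Counter

# Sample input: a few lines copied from the fix report posted in this thread.
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-2397394961-259028453-3985729963-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\0p6ythlz.default\searchplugins\conduit.xml moved successfully.
Folder C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0p6ythlz.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\ not found.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
"""

# (pattern, outcome label). The labels are this example's own names, not OTL terms.
RULES = [
    (re.compile(r"^(?P<target>.+?)\s+not found\.$"), "not_found"),
    (re.compile(r"^(?P<target>.+?)\s+deleted successfully\.$"), "deleted"),
    (re.compile(r"^(?P<target>.+?)\s+(?:folder )?moved successfully\.$"), "moved"),
    (re.compile(r"^(?P<target>.+?)\| /E : value set successfully!$"), "value_set"),
    (re.compile(r'^Prefs\.js: ".*" removed from (?P<target>\S+)$'), "pref_removed"),
]


def parse_fix_log(text):
    """Return (outcome, target) per non-empty line; unknown lines become 'unparsed'."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        for pattern, outcome in RULES:
            match = pattern.match(line)
            if match:
                results.append((outcome, match.group("target")))
                break
        else:
            # Keep the raw line so nothing is silently dropped from the review.
            results.append(("unparsed", line))
    return results


def summarize(results):
    """Count how many report lines ended in each outcome."""
    return Counter(outcome for outcome, _ in results)


def needs_review(results):
    """Targets the fix did not act on, or lines this parser does not recognise."""
    return [target for outcome, target in results
            if outcome in ("not_found", "unparsed")]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    for target in needs_review(parsed):
        print("review:", target)
```
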

Post by wojtas, 25 Nov 2012, 19:38

Post a new OTL log.

Post by bulterier47, 25 Nov 2012, 20:24

I am attaching the files.
Attachments: Extras.Txt (54.22 KiB), OTL.Txt (67.23 KiB)