Metin2 and strange processes.

Author Message
kulpiotr Offline
Newbie

Posts: 0
Threads: 0
Joined: Sep 2012
Reputation: 0
#1
Hello. I downloaded the game Metin2 and noticed that I have strange processes in the background that cannot be closed (csrss, consent and others). I'm giving a link to the OTL logs. Sorry, I'm a newbie and don't know how to add an attachment.
LOGS
09-15-2012, 10:39 AM
Author Message
wirusolog32 Offline
Newbie

Posts: 0
Threads: 0
Joined: Aug 2012
Reputation: 0
#2
Hello.
Uninstall:
Code:
Bing Bar
Google Update Helper
Deinstalator Strony V9
Bing Bar Platform
Ask Toolbar
SweetIM Toolbar for Internet Explorer 4.2
SweetIM for Messenger 3.6
StartSearch Toolbar 1.3
Pando Media Booster
Use AdwCleaner with the "Delete" option and post the log it creates:
http://www.instalki....AdwCleaner.html
In OTL, paste the following into the "Własne opcje skanowania/skrypt" (Custom Scans/Fixes) box:
Code:
:OTL
PRC - [2011/08/01 15:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012/07/18 17:33:50 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\kl\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/06/06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
MOD - [2012/09/15 01:23:19 | 000,120,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM9C7.tmp
MOD - [2012/09/15 01:23:19 | 000,120,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM9A5.tmp
MOD - [2012/09/15 01:23:19 | 000,120,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM975.tmp
MOD - [2012/09/15 01:23:19 | 000,120,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM944.tmp
MOD - [2012/09/15 01:23:19 | 000,120,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM923.tmp
MOD - [2012/09/15 01:23:19 | 000,120,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM901.tmp
MOD - [2012/09/15 01:23:19 | 000,120,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM8C1.tmp
MOD - [2012/09/15 01:23:19 | 000,086,016 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEMABA.tmp
MOD - [2012/09/15 01:23:19 | 000,086,016 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEMA6A.tmp
MOD - [2012/09/15 01:23:19 | 000,086,016 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEMA48.tmp
MOD - [2012/09/15 01:23:19 | 000,086,016 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM9F8.tmp
MOD - [2012/09/15 01:23:18 | 000,120,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM861.tmp
MOD - [2012/09/15 01:23:18 | 000,120,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM7C3.tmp
MOD - [2012/09/15 01:23:18 | 000,120,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM773.tmp
MOD - [2012/09/15 01:23:18 | 000,120,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM714.tmp
MOD - [2012/09/15 01:23:18 | 000,120,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM6F3.tmp
MOD - [2012/09/15 01:23:18 | 000,120,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM693.tmp
MOD - [2012/09/15 01:23:18 | 000,120,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM605.tmp
MOD - [2012/09/15 01:23:18 | 000,120,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM5A5.tmp
MOD - [2012/09/15 01:23:18 | 000,120,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM545.tmp
MOD - [2012/09/15 01:23:18 | 000,120,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM515.tmp
MOD - [2012/09/15 01:23:18 | 000,120,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM4E4.tmp
MOD - [2012/09/15 01:23:18 | 000,120,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM494.tmp
MOD - [2012/09/15 01:23:17 | 000,120,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM433.tmp
MOD - [2012/09/15 01:23:17 | 000,075,776 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM24D.tmp
MOD - [2012/09/15 01:23:17 | 000,075,776 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM22C.tmp
MOD - [2012/09/15 01:23:17 | 000,075,776 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM1CA.tmp
MOD - [2012/09/15 01:23:17 | 000,075,776 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM1A9.tmp
MOD - [2012/09/15 01:23:17 | 000,075,776 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM198.tmp
MOD - [2012/09/15 01:23:17 | 000,075,776 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM155.tmp
MOD - [2012/09/15 01:23:17 | 000,075,776 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM144.tmp
MOD - [2012/09/15 01:23:17 | 000,075,776 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM132.tmp
MOD - [2012/09/15 01:23:17 | 000,072,704 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM372.tmp
MOD - [2012/09/15 01:23:17 | 000,072,192 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM3F3.tmp
MOD - [2012/09/15 01:23:17 | 000,072,192 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM3D2.tmp
MOD - [2012/09/15 01:23:17 | 000,072,192 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM360.tmp
MOD - [2012/09/15 01:23:17 | 000,068,608 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM101.tmp
MOD - [2012/09/15 01:23:17 | 000,064,000 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM290.tmp
MOD - [2012/09/15 01:23:17 | 000,057,344 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM301.tmp
MOD - [2012/09/15 01:23:17 | 000,056,832 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM167.tmp
MOD - [2012/09/15 01:23:17 | 000,056,320 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM71.tmp
MOD - [2012/09/15 01:23:17 | 000,056,320 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM1EC.tmp
MOD - [2012/09/15 01:23:17 | 000,055,296 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEMC1.tmp
MOD - [2012/09/15 01:23:17 | 000,053,760 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM2B1.tmp
MOD - [2012/09/15 01:23:17 | 000,053,760 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEM25F.tmp
MOD - [2012/09/15 01:23:16 | 000,075,776 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\XTMP1MC3VE\DEMC2E1.tmp
MOD - [2012/09/15 01:23:16 | 000,033,792 | ---- | M] () -- C:\Users\kl\AppData\Local\Temp\YTMP7MC8AA\TAACCD0.tmp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=8cee17f0-187e-11e1-beab-6c626dd8bce8
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}&barid={6FD51769-088D-11E1-AC7D-6C626DD8BCE8}
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=8cee17f0-187e-11e1-beab-6c626dd8bce8&q={searchTerms}
IE - HKCU\..\SearchScopes\{63624B32-7A99-47B3-85DF-3FBB3B5D2176}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=CLM&o=15427&src=kw&q={searchTerms}&locale=&apn_ptnrs=LE&apn_dtid=YYYYYYYYPL&apn_uid=7c852a9a-3d84-423f-a899-1e6dba550bae&apn_sauid=02F6AA35-D184-45A7-94EC-22B3756D4E3A
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}&barid={6FD51769-088D-11E1-AC7D-6C626DD8BCE8}
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=15430"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=CLM&o=15427&locale=en_US&apn_uid=7c852a9a-3d84-423f-a899-1e6dba550bae&apn_ptnrs=LE&apn_sauid=02F6AA35-D184-45A7-94EC-22B3756D4E3A&apn_dtid=YYYYYYYYPL&&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [Windows Wireless Services] C:\Users\kl\Network\wmpdtb32.exe File not found
O4 - Startup: C:\Users\kl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:E41EAF13
:Commands
[EMPTYFLASH]
[EMPTYTEMP]
Click "Wykonaj skrypt" (Run Fix) and post the log from the removal.
Then post new OTL logs and a log from TDSSKiller.
(This post was last modified: 09-15-2012, 12:10 PM by wirusolog32.)
09-15-2012, 11:30 AM