wojtek84
(Judasz169)
4 Marzec 2012 12:35
#1
czesc prosze o pomoc z tym zlosliwym oprogramowaniem
skan
http://wklej.to/bmy06
Acorus
(Acorus)
4 Marzec 2012 12:43
#2
Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:
:OTL O4 - HKU\S-1-5-21-2185246042-4009289764-2996373422-1000…\Run: [winlogon] C:\Users\asus\winlogon.exe (Activision Blizzard, Inc.) O20 - HKU\S-1-5-21-2185246042-4009289764-2996373422-1000 Winlogon: Shell - (“C:\Users\asus\winlogon.exe”) - C:\Users\asus\winlogon.exe (Activision Blizzard, Inc.) [2012-03-04 10:06:54 | 000,000,000 | —D | C] – C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Protection 2012 [2012-03-04 10:06:54 | 000,000,000 | —D | C] – C:\Users\asus\AppData\Roaming\Antivirus Protection 2012 :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] :Files C:\Users\asus\AppData\Local\Temp*.html :Commands [emptytemp]
Kliknij Wykonaj skrypt.Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).
Pokaż nowy log OTL.txt oraz raport z usuwania.
Extras też.
Acorus
(Acorus)
4 Marzec 2012 13:49
#4
Odinstaluj free-downloads.net Toolbar,QuickStores-Toolbar 1.1.0,Softonic-Polska Toolbar.Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:
:OTL IE - HKLM…\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) IE - HKLM…\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net \tbfree.dll (Conduit Ltd.) IE - HKCU…\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com ) IE - HKCU…\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) IE - HKCU…\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net \tbfree.dll (Conduit Ltd.) IE - HKCU…\SearchScopes{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: “URL” = http://www.daemon-search.com/search/web?q={searchTerms} IE - HKCU…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640 IE - HKCU…\SearchScopes{C8335318-4B00-4B74-8BEC-EEE861D41755}: “URL” = http://us.yhs.search.yahoo.com/avg/sear … rome_us&p={searchTerms} FF - prefs.js…browser.search.defaultenginename: “Yahoo! Search” FF - prefs.js…browser.search.defaultthis.engineName: “free-downloads.net Customized Web Search” FF - prefs.js…browser.search.defaulturl: “http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms} ” FF - prefs.js…browser.search.selectedEngine: “search” FF - prefs.js…extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.8.0191 [2012-02-13 17:52:50 | 000,000,000 | —D | M] (Softonic-Polska Community Toolbar) – C:\Users\asus\AppData\Roaming\mozilla\Firefox\Profiles\51izgr4w.default\extensions{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} [2012-01-08 22:42:51 | 000,000,000 | —D | M] (free-downloads.net Community Toolbar) – C:\Users\asus\AppData\Roaming\mozilla\Firefox\Profiles\51izgr4w.default\extensions{ecdee021-0d17-467f-a1ff-c7a115230949} [2011-09-07 14:48:59 | 000,000,000 | —D | M] (QuickStores-Toolbar) – C:\Users\asus\AppData\Roaming\mozilla\Firefox\Profiles\51izgr4w.default\extensions\quickstores@quickstores.de [2010-01-20 12:16:28 | 000,000,939 | ---- | M] () – C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\51izgr4w.default\searchplugins\conduit.xml [2011-01-01 11:26:57 | 000,002,059 | ---- | M] () – C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\51izgr4w.default\searchplugins\daemon-search.xml [2012-03-04 10:07:24 | 000,001,210 | ---- | M] () – C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\51izgr4w.default\searchplugins\search.xml O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com ) O2 - BHO: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net \tbfree.dll (Conduit Ltd.) O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com ) O3 - HKLM…\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O3 - HKLM…\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM…\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net \tbfree.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com ) O3 - HKCU…\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU…\Toolbar\WebBrowser: (Softonic-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) O3 - HKCU…\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net \tbfree.dll (Conduit Ltd.) O3 - HKCU…\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com ) :Commands [emptytemp]
Kliknij Wykonaj skrypt.W OTL użyj opcji Sprzątanie.Przeskanuj progr.Malwarebytes Anti-Malware
http://www.dobreprogramy.pl/Malwarebyte … 13117.html
Przed skanowaniem wykonaj RĘCZNĄ AKTUALIZACJĘ BAZY SYGNATUR WIRUSÓW
Zainstaluj aktualizacje do programow wskazanych przez: http://screen317.spywareinfoforum.org/SecurityCheck.exe jako out of date.