Acorus
(Acorus)
4 March 2012 19:20
#2
Uninstall DAEMON Tools Toolbar, uTorrentBar Toolbar, and XfireXO Toolbar. Run OTL and paste the following into the (Custom Scans/Fixes) box:
:OTL
MOD - [2012-03-04 12:10:08 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\user\Ustawienia lokalne\temp\5ef8b284-5689.tmp
MOD - [2012-02-26 23:13:07 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\user\Ustawienia lokalne\temp\2b6b9f7d-5689.tmp
MOD - [2012-02-23 17:09:12 | 000,281,088 | ---- | M] () -- C:\Program Files\LP\AEC3\B10.exe
MOD - [2012-02-23 17:08:25 | 000,184,320 | ---- | M] () -- C:\Program Files\BD334\lvvm.exe
MOD - [2012-02-23 17:07:48 | 000,167,424 | ---- | M] () -- C:\Documents and Settings\user\Dane aplikacji\3C7BD\002AE.exe
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62545
FF - prefs.js…network.proxy.http: "127.0.0.1"
FF - prefs.js…network.proxy.http_port: 62545
FF - prefs.js…network.proxy.type: 1
O4 - HKLM…\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe File not found
O4 - HKLM…\Run: [AT-Watch] File not found
O4 - HKLM…\Run: [b10.exe] C:\Program Files\LP\AEC3\B10.exe ()
O4 - HKLM…\Run: [crrss] C:\WINDOWS\system32\crrss.exe (Tomasz Pawlak)
O4 - HKLM…\Run: [MozillaAgent] C:\WINDOWS\Temp_ex-68.exe (0JEVUkxjZ)
O4 - HKCU…\Run: [Antivirus Protection 2012 SH] C:\Documents and Settings\user\Dane aplikacji\Antivirus Protection 2012\securityhelper.exe (KlureIn)
O4 - HKCU…\Run: [Antivirus Protection 2012 SM] C:\Documents and Settings\user\Dane aplikacji\Antivirus Protection 2012\securitymanager.exe (KlureIn)
O4 - HKCU…\Run: [c1pkl3usv7fl] C:\Documents and Settings\user\Dane aplikacji\Antivirus Protection 2012\securityhelper.exe (KlureIn)
O4 - HKCU…\Run: [KiesTrayAgent] D:\Program Files\KiesKiesTrayAgent.exe File not found
O4 - HKCU…\Run: [Windows Update Server] C:\Documents and Settings\user\9b47dfae-5689.exe ()
O4 - HKCU…\Run: [winlogon] C:\Documents and Settings\user\winlogon.exe (Tomasz Pawlak)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\crrss.exe) - C:\WINDOWS\system32\crrss.exe (Tomasz Pawlak)
O20 - HKCU Winlogon: Shell - ("C:\Documents and Settings\user\winlogon.exe") - C:\Documents and Settings\user\winlogon.exe (Tomasz Pawlak)
[2012-02-22 20:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\BD334
[2012-02-22 20:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2012-02-22 20:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\3C7BD
[2011-11-22 12:23:33 | 000,460,624 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\promo.exe

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]
Click Run Fix. Confirm the computer restart. Save the report that appears after the restart. Then run OTL again, this time clicking (Run Scan).
Post the new OTL.txt log and the removal report.
Acorus
(Acorus)
5 March 2012 08:12
#4
Run OTL and paste the following into the (Custom Scans/Fixes) box:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?barid={1E445FC6-F601-405B-8380-537D7784F332}
IE - HKLM…\URLSearchHook: - No CLSID value found
IE - HKLM…\SearchScopes{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={1E445FC6-F601-405B-8380-537D7784F332}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?barid={1E445FC6-F601-405B-8380-537D7784F332}
IE - HKCU…\URLSearchHook: - No CLSID value found
IE - HKCU…\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU…\SearchScopes{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
IE - HKCU…\SearchScopes{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={1E445FC6-F601-405B-8380-537D7784F332}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62545
FF - prefs.js…network.proxy.http: "127.0.0.1"
FF - prefs.js…network.proxy.http_port: 62545
FF - prefs.js…network.proxy.type: 1
[2011-01-27 08:20:42 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\xvfnxbey.default\extensions{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2012-03-04 10:37:39 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\xvfnxbey.default\extensions{EEE6C361-6118-11DC-9C72-001320C79847}
[2011-07-26 15:22:57 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\xvfnxbey.default\extensions\engine@conduit.com
O3 - HKLM…\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU…\Toolbar\ShellBrowser: (no name) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No CLSID value found.
O3 - HKCU…\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU…\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
[2012-03-03 12:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\Antivirus Protection 2012
[2012-03-04 21:12:07 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

:Commands
[emptytemp]
Click Run Fix. In OTL, use the CleanUp option. Turn System Restore off and back on.
http://www.searchengines.pl/Czyszczenie … 41981.html
Scan with Malwarebytes Anti-Malware
http://www.dobreprogramy.pl/Malwarebyte … 13117.html
Before scanning, perform a MANUAL UPDATE OF THE VIRUS SIGNATURE DATABASE
Install updates for the programs flagged as out of date by: http://screen317.spywareinfoforum.org/SecurityCheck.exe