azqwe
2 Kwiecień 2012 12:49
#1
Witam!
Mam problem z Antivirus protection 2012.
OTL:
http://wklej.to/hgdmD
Extras:
http://wklej.to/smHEM
Co dalej mam zrobic?
Prosze o porady.
Acorus
2 Kwiecień 2012 13:13
#2
Odinstaluj Facemoods Toolbar,free-downloads.net Toolbar,LiveVDO plugin 1.3,Softonic_EN_Arles Toolbar,vShare.tv plugin 1.3,Windows iLivid Toolbar.Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:
:OTL MOD - [2012-04-01 20:01:54 | 000,832,512 | ---- | M] () – C:\WINDOWS\Temp\temp68.exe O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll () O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Softonic EN Arles Toolbar) - {4c572b59-769f-4b69-aa4a-38680452cbae} - C:\Program Files\Softonic_EN_Arles\prxtbSof0.dll (Conduit Ltd.) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com \facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com \GenericAskToolbar.dll (Ask) O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net \prxtbfre0.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll () O3 - HKLM…\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (Softonic EN Arles Toolbar) - {4c572b59-769f-4b69-aa4a-38680452cbae} - C:\Program Files\Softonic_EN_Arles\prxtbSof0.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.) O3 - HKLM…\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM…\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com \GenericAskToolbar.dll (Ask) O3 - HKLM…\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com \facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com ) O3 - HKLM…\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net \prxtbfre0.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-1202660629-1979792683-1606980848-1003…\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll () O3 - HKU\S-1-5-21-1202660629-1979792683-1606980848-1003…\Toolbar\WebBrowser: (Softonic EN Arles Toolbar) - {4C572B59-769F-4B69-AA4A-38680452CBAE} - C:\Program Files\Softonic_EN_Arles\prxtbSof0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1202660629-1979792683-1606980848-1003…\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com \GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-1202660629-1979792683-1606980848-1003…\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net \prxtbfre0.dll (Conduit Ltd.) O4 - HKLM…\Run: [] File not found O4 - HKLM…\Run: [ApnUpdater] C:\Program Files\Ask.com \Updater\Updater.exe (Ask) O4 - HKLM…\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM…\Run: [facemoods] C:\Program Files\facemoods.com \facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com ) O4 - HKLM…\Run: [intelAgent] C:\WINDOWS\Temp\temp68.exe () O4 - HKU\S-1-5-21-1202660629-1979792683-1606980848-1003…\Run: [3dqbhvurdcf4] C:\Documents and Settings\I\Dane aplikacji\Antivirus Protection\securityhelper.exe (Joirefers secusoft) O4 - HKU\S-1-5-21-1202660629-1979792683-1606980848-1003…\Run: [Antivirus Protection] C:\Documents and Settings\I\Dane aplikacji\Antivirus Protection\AntivirusProtection2012.exe (Joirefers secusoft) O4 - HKU\S-1-5-21-1202660629-1979792683-1606980848-1003…\Run: [Antivirus Protection 2012 SH] C:\Documents and Settings\I\Dane aplikacji\Antivirus Protection\securityhelper.exe (Joirefers secusoft) O4 - HKU\S-1-5-21-1202660629-1979792683-1606980848-1003…\Run: [Antivirus Protection 2012 SM] C:\Documents and Settings\I\Dane aplikacji\Antivirus Protection\securitymanager.exe (Joirefers secusoft) O4 - HKU.DEFAULT…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found O4 - HKU\S-1-5-18…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found O4 - HKU\S-1-5-19…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found O4 - HKU\S-1-5-20…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found [2012-04-01 20:45:57 | 000,000,000 | —D | C] – C:\Documents and Settings\I\Menu Start\Programy\Antivirus Protection [2012-04-01 20:45:56 | 000,000,000 | —D | C] – C:\Documents and Settings\I\Dane aplikacji\Antivirus Protection [2012-04-02 14:26:04 | 000,000,298 | ---- | M] () – C:\WINDOWS\tasks\Kpiareqtng.job [2012-04-02 08:01:00 | 000,000,226 | ---- | M] () – C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] :Commands [emptytemp]
Kliknij Wykonaj skrypt.Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).
Pokaż nowy log OTL.txt oraz raport z usuwania.
Użyj AdwCleaner http://general-changelog-team.fr/outils/289-adwcleaner z funkcji Delete.
Pokaż z niego log.
azqwe
2 Kwiecień 2012 13:40
#3
Wszystko zrobione wedlug wskazowek.
Antivirus Protection juz sie nie pojawia.
Wielkie dzieki za pomoc.
Ponizej podane logi.
Musze jeszcze cos zrobic czy to juz wszystko?
ADWcleaner: http://wklej.to/Y47rb
OTL: http://wklej.to/8KMH6
Raport po ponownym uruchomieniu: http://wklej.to/kEKbL
Acorus
2 Kwiecień 2012 13:46
#4
W OTL użyj opcji Sprzątanie.Przeskanuj progr.Malwarebytes Anti-Malware
http://www.malwarebytes.org/products/malwarebytes_free
Przed skanowaniem wykonaj RĘCZNĄ AKTUALIZACJĘ BAZY SYGNATUR WIRUSÓW
W AdwCleaner użyj opcji Uninstall.
Zainstaluj aktualizacje do programow wskazanych przez: http://screen317.spywareinfoforum.org/SecurityCheck.exe jako out of date.