czaczak
(Lamapupa)
28 July 2012 08:24
#1
As the title says: malicious software has crept onto my computer and I am asking for help removing it.
Extras http://wklej.to/YVpfS
OTL http://wklej.to/k4cps
Acorus
(Acorus)
28 July 2012 08:45
#2
Uninstall SweetPacks Toolbar for Internet Explorer 4.6, Complitly, Babylon toolbar on IE, Freecorder Toolbar, FreeOnlineRadioPlayerRecorder Toolbar, Incredibar Toolbar on IE, NCH EN Toolbar, Softonic toolbar on IE and Chrome, XfireXO Toolbar. Run OTL and paste the following into the (Custom Scans/Fixes) box:
:OTL
SRV - File not found [Auto | Stopped] – C:\Documents and Settings\All Users\Dane aplikacji\IBUpdaterService\ibsvc.exe /SERVICE – (IBUpdaterService)
DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\ew_jubusenum.sys – (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\ew_jucdcacm.sys – (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] – system32\drivers\ewfiltertdidriver.sys – (filtertdidriver)
DRV - File not found [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\EagleXNt.sys – (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\EagleNT.sys – (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] – D:\Program Files\MediaCoder\SysInfo.sys – (CrystalSysInfo)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.v9.com/?utm_source=b&utm_medium=vlt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pl.v9.com/?utm_source=b&utm_medium=vlt
IE - HKLM…\SearchScopes{EEE6C360-6118-11DC-9C72-001320C79847}: “URL” = http://search.sweetim.com/search.asp?sr … 0&st=12&q={searchTerms}&barid={86098AC6-9EC5-11E1-88A8-001D7D02FCFA}
IE - HKU\S-1-5-21-1659004503-343818398-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.findamo.com?ch=12
IE - HKU\S-1-5-21-1659004503-343818398-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.v9.com/?utm_source=b&utm_medium=vlt
IE - HKU\S-1-5-21-1659004503-343818398-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://dts.search-results.com/sidebar.h … stemid=406
IE - HKU\S-1-5-21-1659004503-343818398-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= … =CT2737658
IE - HKU\S-1-5-21-1659004503-343818398-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ie … mid=406&q={searchTerms}
IE - HKU\S-1-5-21-1659004503-343818398-839522115-1004…\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com \GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1659004503-343818398-839522115-1004…\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1659004503-343818398-839522115-1004…\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1659004503-343818398-839522115-1004…\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfir.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1659004503-343818398-839522115-1004…\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1659004503-343818398-839522115-1004…\SearchScopes{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: “URL” = http://websearch.ask.com/redirect?clien … src=crm&q={searchTerms}&locale=&apn_ptnrs=A2&apn_dtid=YYYYYYYYPL&apn_uid=7731E99A-43DB-49F9-84C8-BBE4FC0F4BDF&apn_sauid=933E287B-970F-4A88-B707-117D85A6D7B3
IE - HKU\S-1-5-21-1659004503-343818398-839522115-1004…\SearchScopes{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: “URL” = http://www.findamo.com/search.html?ch=12&q={searchTerms}
IE - HKU\S-1-5-21-1659004503-343818398-839522115-1004…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2737658
IE - HKU\S-1-5-21-1659004503-343818398-839522115-1004…\SearchScopes{EEE6C360-6118-11DC-9C72-001320C79847}: “URL” = http://search.sweetim.com/search.asp?sr … 0&st=12&q={searchTerms}&barid={86098AC6-9EC5-11E1-88A8-001D7D02FCFA}
FF - prefs.js…browser.search.defaultenginename: “Search The Web”
FF - prefs.js…browser.search.order.1: “Search The Web”
FF - prefs.js…browser.search.selectedEngine: “Search The Web”
FF - prefs.js…browser.startup.homepage: “http://www.findamo.com?ch=12 ”
FF - prefs.js…keyword.URL: “http://www.findamo.com/search.html?ch=12&q= ”
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.5.21.0\bh\Softonic.dll (Softonic.com )
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM…\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll (Softonic.com )
O3 - HKLM…\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM…\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com \GenericAskToolbar.dll (Ask)
O3 - HKLM…\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM…\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com \incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM…\Toolbar: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1659004503-343818398-839522115-1004…\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1659004503-343818398-839522115-1004…\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1659004503-343818398-839522115-1004…\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1659004503-343818398-839522115-1004…\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com \GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1659004503-343818398-839522115-1004…\Toolbar\WebBrowser: (FreeOnlineRadioPlayerRecorder Toolbar) - {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
O4 - HKLM…\Run: [] File not found
O4 - HKLM…\Run: [4StoryPrePatch] D:\Program Files\Gameforge4D\4Story\PrePatch.exe File not found
O4 - HKLM…\Run: [ApnUpdater] C:\Program Files\Ask.com \Updater\Updater.exe (Ask)
O4 - HKLM…\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe File not found
O4 - HKLM…\Run: [kbvaqdqsapnavfx] C:\Documents and Settings\All Users\Dane aplikacji\kbvaqdqs.exe ()
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKU\S-1-5-21-1659004503-343818398-839522115-1004…\Run: [ChomikBox] C:\Program Files\ChomikBox\ChomikBox.exe File not found
O4 - HKU\S-1-5-21-1659004503-343818398-839522115-1004…\Run: [kbvaqdqsapnavfx] C:\Documents and Settings\All Users\Dane aplikacji\kbvaqdqs.exe ()
[2012-07-27 22:01:00 | 000,000,232 | ---- | M] () – C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

:Files
C:\Documents and Settings\All Users\Dane aplikacji\mglznvwfsbpabce
C:\Documents and Settings\All Users\Dane aplikacji\prirsmke.exe
C:\Documents and Settings\All Users\Dane aplikacji\kbvaqdqs.exe
C:\Documents and Settings\User\0.7146314939510479.exe

:Commands
[emptytemp]
Click Run Fix.
Confirm the computer restart. Save the report that appears after the restart. Then run OTL again, this time clicking (Run Scan).
Post the new OTL.txt log and the removal report.
Use AdwCleaner http://general-changelog-team.fr/outils/289-adwcleaner with the Delete function.
Post the new log after using AdwCleaner.
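A way to read the O4 autostart entries in the script above, as an added example that is not part of Acorus's post or of OTL: it separates Run values whose target file is missing from those that still point at a file, and marks a file with an empty vendor field in a user-writable directory for review first. The verdict labels, the directory list and the reading of "()" as an empty vendor field are assumptions of this example.

```python
import re

# Entries copied from the fix script above; "…" is the abbreviated registry
# path exactly as it appears on the page.
SAMPLE = r"""
O4 - HKLM…\Run: [] File not found
O4 - HKLM…\Run: [ApnUpdater] C:\Program Files\Ask.com \Updater\Updater.exe (Ask)
O4 - HKLM…\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe File not found
O4 - HKLM…\Run: [kbvaqdqsapnavfx] C:\Documents and Settings\All Users\Dane aplikacji\kbvaqdqs.exe ()
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
""".strip().splitlines()

RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
TARGET_RE = re.compile(r"^(?P<path>.*\S)\s*\((?P<vendor>[^()]*)\)$")
MISSING = "File not found"
# Assumption: directories a limited user can write to ("Dane aplikacji" is the
# Polish Windows XP name of "Application Data").
DATA_DIRS = ("\\dane aplikacji\\", "\\application data\\", "\\appdata\\", "\\temp\\")

def triage_run_entry(line):
    """Classify one O4 Run line; return None for any other kind of entry."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    entry = {"hive": m["hive"], "name": m["name"], "path": "", "vendor": None}
    rest = m["rest"].strip()
    if rest.endswith(MISSING):
        # The value still exists in the registry but its target file is gone.
        entry["path"] = rest[: -len(MISSING)].strip()
        entry["verdict"] = "orphaned"
        return entry
    t = TARGET_RE.match(rest)
    if not t:
        entry["path"], entry["verdict"] = rest, "unparsed"
        return entry
    entry["path"], entry["vendor"] = t["path"], t["vendor"].strip()
    in_data_dir = any(d in entry["path"].lower() for d in DATA_DIRS)
    if entry["vendor"]:
        entry["verdict"] = "vendor-named"
    elif in_data_dir:
        entry["verdict"] = "review-first"   # autostart, no vendor, writable dir
    else:
        entry["verdict"] = "no-vendor"
    return entry

if __name__ == "__main__":
    for raw in SAMPLE:
        result = triage_run_entry(raw)
        if result:
            print(f'{result["verdict"]:<13} [{result["name"]}] {result["path"]}')
```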
czaczak
(Lamapupa)
28 July 2012 08:56
#3
I can't manage to remove SweetPacks Toolbar for Internet Explorer 4.6; the reason given is Windows being in safe mode, which I am currently in. Should I copy this script into OTL anyway?
Acorus
(Acorus)
28 July 2012 09:00
#4
That doesn't matter. Do the rest.
czaczak
(Lamapupa)
28 July 2012 09:13
#5
http://wklej.to/lulRf Report after the restart
http://wklej.to/VNNG3 new OTL.txt log
– Added 28.07.2012 (Sat) 11:16 –
I'll add that the block is gone now, and besides, I have removed SweetPacks Toolbar.
– Added 28.07.2012 (Sat) 11:21 –
Is there anything else I should do? Btw, thank you for your help.
Acorus
(Acorus)
28 July 2012 12:43
#6
Run OTL and paste the following into the (Custom Scans/Fixes) box:
Click Run Fix. In OTL, use the CleanUp option. Scan with Malwarebytes Anti-Malware http://www.malwarebytes.org/products/malwarebytes_free
Before scanning, perform a MANUAL UPDATE OF THE VIRUS SIGNATURE DATABASE in Malwarebytes: “Run Malwarebytes, go to the Update tab, Check for Updates.”
Turn System Restore off and back on.
http://www.searchengines.pl/Czyszczenie … 41981.html
Install the updates for the programs that Security Check
analiza-dezynfekcja-zestaw-narzedzi-nieingerencyjnych-t485632.html reports as out of date.