scaza
(scaza)
25 May 2012 08:13
#1
Hello
I get my internet over a radio link, but lately it has been terribly slow, and I'm wondering whether something has gotten infected.
Logs:
otl: http://www.wklej.org/id/759815/
extras: http://www.wklej.org/id/759821/
Thanks for the help
Acorus
(Acorus)
25 May 2012 10:19
#2
Uninstall Babylon toolbar on IE and Freecorder Toolbar. Run OTL and paste the following into the (Custom scan options/Script) window:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pl.v9.com/?utm_source=b&utm_medium=ins
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKU\S-1-5-21-602162358-1229272821-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_url = http://pl.v9.com/?utm_source=b&utm_medium=ins
IE - HKU\S-1-5-21-602162358-1229272821-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss … 23cdc6f7f4
IE - HKU\S-1-5-21-602162358-1229272821-1417001333-1003…\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-602162358-1229272821-1417001333-1003…\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-602162358-1229272821-1417001333-1003…\SearchScopes{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKU\S-1-5-21-602162358-1229272821-1417001333-1003…\SearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101368&mntrId=749178530000000000000023cdc6f7f4
IE - HKU\S-1-5-21-602162358-1229272821-1417001333-1003…\SearchScopes{40A2B6F2-BB9E-472C-85E2-3A2C0F99B270}: "URL" = http://websearch.ask.com/redirect?clien … src=crm&q={searchTerms}&locale=&apn_ptnrs=^AAU&apn_dtid=^YYYYYY^YY^PL&apn_uid=5027ADCB-D570-4B9E-AF9E-AB5300395944&apn_sauid=F805D061-D2E4-448F-B880-454CA441DEB3&
IE - HKU\S-1-5-21-602162358-1229272821-1417001333-1003…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
FF - prefs.js…browser.search.defaultengine: "Ask.com"
FF - prefs.js…browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js…browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js…browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
FF - prefs.js…browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js…browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js…browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot"
[2012-04-30 10:22:51 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\Arek\Dane aplikacji\Mozilla\Firefox\Profiles\a6mgwm95.default\extensions{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2012-04-09 21:39:30 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Arek\Dane aplikacji\Mozilla\Firefox\Profiles\a6mgwm95.default\extensions\ffxtlbr@babylon.com
[2012-04-02 21:38:26 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Arek\Dane aplikacji\Mozilla\Firefox\Profiles\a6mgwm95.default\extensions\ffxtlbr@Facemoods.com
[2012-04-21 15:56:57 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Documents and Settings\Arek\Dane aplikacji\Mozilla\Firefox\Profiles\a6mgwm95.default\extensions\toolbar@ask.com
[2011-11-17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Arek\Dane aplikacji\Mozilla\Firefox\Profiles\a6mgwm95.default\searchplugins\askcom.xml
[2012-04-29 12:53:12 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Arek\Dane aplikacji\Mozilla\Firefox\Profiles\a6mgwm95.default\searchplugins\conduit.xml
[2012-04-30 10:09:11 | 000,002,415 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\Arek\Dane aplikacji\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O3 - HKLM…\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM…\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM…\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\S-1-5-21-602162358-1229272821-1417001333-1003…\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-602162358-1229272821-1417001333-1003…\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM…\Run: [] File not found
O4 - HKLM…\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM…\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
[2012-05-13 19:29:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arek\Dane aplikacji\PriceGong
[2012-04-30 10:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012-04-30 10:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arek\Ustawienia lokalne\Dane aplikacji\Conduit
[2012-05-25 08:56:03 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012-04-07 12:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arek\Dane aplikacji\EurekaLog
:Commands
[emptytemp]
Click Run script. Confirm the computer restart. Save the report that appears after the restart. Then run OTL again, this time clicking (Scan).
Post the new OTL.txt log and the removal report.
scaza
(scaza)
25 May 2012 12:23
#3
Acorus
(Acorus)
25 May 2012 16:17
#4
In OTL, use the Cleanup option. Use AdwCleaner http://general-changelog-team.fr/outils/289-adwcleaner with the Delete function.
Install updates for the programs that Security Check analiza-dezynfekcja-zestaw-narzedzi-nieingerencyjnych-t485632.html reports as out of date.