kross2012
(Zespolkross)
20 August 2012 11:27
#1
Hello… I have a problem: after I clicked a link on Facebook, my computer locked up.
Regards
Logs:
http://www.wklejto.pl/131583 (OTL)
http://www.wklejto.pl/131582 (Extras)
Acorus
(Acorus)
20 August 2012 13:18
#2
Uninstall Babylon toolbar on IE, DAEMON Tools Toolbar, Facemoods Toolbar, Incredibar Toolbar on IE, McAfee Security Scan Plus, Mp3Tube Toolbar, My Web Search (Cursor Mania), Deinstalator Strony V9. Run OTL and paste the following into the (Custom Scans/Fixes) box:
:OTL
SRV - [2012/03/21 23:54:38 | 000,034,320 | ---- | M] (MyWebSearch.com ) [Auto | Stopped] -- C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe -- (MyWebSearchService)
SRV - [2011/11/30 20:26:28 | 000,378,880 | ---- | M] () [Auto | Stopped] -- C:\Windows\update.7.1\svchostdriver.exe -- (ddservice)
SRV - [2011/11/04 16:54:41 | 000,257,024 | ---- | M] () [Auto | Stopped] -- C:\Windows\sysdriver32.exe -- (srvsysdriver32)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.v9.com/W3i/W3i_1331998530_763044
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.v9.com/W3i/W3i_1331998530_763044
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKLM…\SearchScopes{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsear … searchfor={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.v9.com/W3i/W3i_1331998530_763044
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.v9.com/w3i/w3i_1329415933_425204 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mp3tubetoolbar.com/?tmp=toolbar_ … 9e8043f478
IE - HKCU…\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com )
IE - HKCU…\SearchScopes{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKCU…\SearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101241&mntrId=bec9ff49000000000000889ffa13aa68
IE - HKCU…\SearchScopes{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsear … searchfor={searchTerms}
IE - HKCU…\SearchScopes{899067B5-F52E-46DE-B901-0C332AC82B58}: "URL" = http://websearch.ask.com/redirect?clien … src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=VX&apn_dtid=YYYYYYYYPL&apn_uid=65C2E8D8-398D-4238-8D52-D178BFA3C82D&apn_sauid=21E9574A-B297-4609-8790-04F79DA6BC85&
IE - HKCU…\SearchScopes{8F62B252-F652-4C0E-A822-B12436D8F81D}: "URL" = http://mp3tubetoolbar.com/?tmp=toolbar_ … &Keywords={searchTerms}&clid=8339bd32906a41c9ab464d9e8043f478
IE - HKCU…\SearchScopes{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKCU…\SearchScopes{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6OyzwtmYce&i=26
FF - prefs.js…browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js…browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js…browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot "
FF - prefs.js…keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZCxdm941YYPL&ptnrS=ZCxdm941YYPL&si=6584156&ptb=lz0SXBRCskSa.xGTC8d3ew&ind=2012032118&n=77ed2c76&psa=&st=kwd&searchfor= "
[2012/02/16 20:55:03 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Samsung\AppData\Roaming\mozilla\Firefox\Profiles\g2g2lb4r.default\extensions\DTToolbar@toolbarnet.com
[2011/11/04 22:35:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Samsung\AppData\Roaming\mozilla\Firefox\Profiles\g2g2lb4r.default\extensions\ffxtlbr@babylon.com
[2011/12/27 21:15:25 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Samsung\AppData\Roaming\mozilla\Firefox\Profiles\g2g2lb4r.default\extensions\ffxtlbr@Facemoods.com
[2012/04/21 10:22:37 | 000,000,000 | ---D | M] (incredibar.com ) -- C:\Users\Samsung\AppData\Roaming\mozilla\Firefox\Profiles\g2g2lb4r.default\extensions\ffxtlbr@incredibar.com
[2012/03/22 00:07:36 | 000,000,000 | ---D | M] (My Web Search) -- C:\Users\Samsung\AppData\Roaming\mozilla\Firefox\Profiles\g2g2lb4r.default\extensions\m3ffxtbr@mywebsearch.com
[2011/08/23 22:16:36 | 000,002,333 | ---- | M] () -- C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\g2g2lb4r.default\searchplugins\askcom.xml
[2012/02/16 20:54:55 | 000,002,055 | ---- | M] () -- C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\g2g2lb4r.default\searchplugins\daemon-search.xml
[2012/04/21 10:19:14 | 000,002,203 | ---- | M] () -- C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\g2g2lb4r.default\searchplugins\MyStart Search.xml
[2012/03/22 00:17:30 | 000,009,968 | ---- | M] () -- C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\g2g2lb4r.default\searchplugins\mywebsearch.xml
O3 - HKLM…\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM…\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com \facemoods\1.4.17.11\facemoodsTlbr.dll File not found
O3 - HKLM…\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com \incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM…\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM…\Run: [sdchange] C:\Users\Samsung\AppData\Local\Microsoft\Windows\191\sdchange.exe ()
O4 - HKLM…\Run: [] File not found
O4 - HKLM…\Run: [4015587.exe] C:\Users\Samsung\AppData\Local\Temp\4015587.exe ()
O4 - HKLM…\Run: [5475352.exe] C:\Users\Samsung\AppData\Local\Temp\5475352.exe ()
O4 - HKLM…\Run: [6161494.exe] C:\Windows\Temp\6161494.exe ()
O4 - HKLM…\Run: [6742396.exe] C:\Users\Samsung\AppData\Local\Temp\6742396.exe ()
O4 - HKLM…\Run: [facemoods] "C:\Program Files (x86)\facemoods.com \facemoods\1.4.17.11\facemoodssrv.exe" /md I File not found
O4 - HKLM…\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h File not found
O4 - HKLM…\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe (MyWebSearch.com )
O4 - HKLM…\Run: [NPSStartup] File not found
O4 - HKLM…\Run: [sysdriver32.exe] C:\Windows\sysdriver32.exe ()
O4 - HKLM…\Run: [sysdriver32_.exe] C:\Windows\sysdriver32_.exe ()
O4 - HKLM…\Run: [tray_ico] File not found
O4 - HKLM…\Run: [tray_ico0] C:\Windows\update.tray-14-0\svchost.exe (Cronosoft)
O4 - HKLM…\Run: [tray_ico1] C:\Windows\update.tray-9-0\svchost.exe (Cronosoft)
O4 - HKLM…\Run: [tray_ico2] File not found
O4 - HKLM…\Run: [tray_ico3] File not found
O4 - HKLM…\Run: [tray_ico4] File not found
O4 - HKLM…\Run: [wxpdrv] C:\Windows\services32.exe (Cronosoft)
O4 - HKCU…\Run: [Facebook Update] C:\Users\Samsung\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU…\Run: [Microsoft Windows Manager] C:\Users\Samsung\M-10-6897-8685-3464\winmgr.exe ()
O4 - HKCU…\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe (MyWebSearch.com )
O4 - Startup: C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VDownloader.lnk = File not found
O4 - Startup: C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogin.exe (Microsoft Corp.)
[2012/08/08 20:19:37 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\hellomoto
[2012/08/08 20:19:18 | 000,000,000 | RHSD | C] -- C:\Users\Samsung\M-10-6897-8685-3464
[2012/03/17 17:34:15 | 003,623,592 | ---- | C] (Ask) -- C:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe
[2012/03/17 17:34:14 | 000,143,240 | ---- | C] (Ask.com ) -- C:\Program Files (x86)\Common Files\ApnStub.exe
[2011/10/29 17:47:40 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011/10/29 17:41:17 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
[2011/10/29 17:41:13 | 000,257,024 | ---- | C] () -- C:\Windows\sysdriver32_.exe
[2011/10/29 17:40:59 | 000,257,024 | ---- | C] () -- C:\Windows\sysdriver32.exe
[2012/08/15 01:21:31 | 000,001,064 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4141374535-311919606-3590139362-1001Core.job
[2012/08/13 16:57:10 | 000,001,086 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4141374535-311919606-3590139362-1001UA.job
:Files
C:\Users\Samsung\AppData\Local\Microsoft\Windows\191
C:\ProgramData\f9a38769b749f59d089cab7310b74fc5_c
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
:Commands
[emptytemp]
Click Run Fix.
Confirm the computer restart. Save the report that appears after the restart. Then run OTL again, this time clicking (Run Scan).
Post the new OTL.txt log and the removal report.
kross2012
(Zespolkross)
25 August 2012 09:31
#3
Acorus
(Acorus)
25 August 2012 13:02
#4
Run OTL and paste the following into the (Custom Scans/Fixes) box:
:OTL
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
[2012/07/31 20:11:55 | 000,000,000 | ---D | M] (MP3Tube Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com
O3:64bit: - HKLM…\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKLM…\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM…\Toolbar: (Mp3Tube Toolbar) - {46897C77-E7A6-4c33-BFFB-E9C2E2718942} - C:\Program Files (x86)\Mp3Tube Toolbar\mp3tubetb.DLL (Mp3Tube Toolbar)
O4:64bit: - HKLM…\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey File not found
[2012/03/17 17:34:20 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\OpenCandy
:Commands
[emptytemp]
[resethosts]
Click Run Fix. In OTL, use the CleanUp option.
Turn System Restore off and back on.
http://www.searchengines.pl/Czyszczenie … 41981.html
Scan with Malwarebytes Anti-Malware http://www.malwarebytes.org/products/malwarebytes_free
Before scanning, perform a MANUAL UPDATE OF THE VIRUS SIGNATURE DATABASE in Malwarebytes: "Run Malwarebytes, go to the Update tab, Check for Updates."
Install updates for the programs that Security Check
analiza-dezynfekcja-zestaw-narzedzi-nieingerencyjnych-t485632.html reports as out of date.