rybak90
(Michal Szutta)
24 Sierpień 2011 10:59
#1
Witam,
Od kilku dni próbuję uporać się z tym problemem. Mianowicie chodzi o błąd przy próbie wejścia na stronę Facebooka.
http://img197.imageshack.us/img197/8278/facevr.png
Przeskanowałem system Nortonem, malwarebytes i dalej nic.
LOG:
http://wklejto.pl/103707
Acorus
(Acorus)
24 Sierpień 2011 14:11
#2
Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:
:OTL MOD - [2011-08-23 19:58:06 | 000,204,934 | ---- | M] () – C:\Users\pc\AppData\Local\Temp\101Awrd.~lk\3205fspext.dll IE - HKLM…\URLSearchHook: {d1fce654-5fd1-48ad-b13c-5064736120b7} - C:\Program Files (x86)\Soft32\prxtbSoft.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1512112080-3760964-3437010792-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/ IE - HKU\S-1-5-21-1512112080-3760964-3437010792-1000…\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com \GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-1512112080-3760964-3437010792-1000…\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKU\S-1-5-21-1512112080-3760964-3437010792-1000…\URLSearchHook: {d1fce654-5fd1-48ad-b13c-5064736120b7} - C:\Program Files (x86)\Soft32\prxtbSoft.dll (Conduit Ltd.) FF - prefs.js…browser.search.defaultengine: “Ask.com ” FF - prefs.js…browser.search.defaultenginename: “Ask.com ” FF - prefs.js…browser.search.order.1: “Ask.com ” [2011-08-22 19:40:33 | 000,000,000 | —D | M] (Avira SearchFree Toolbar plus WebGuard) – C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\xpbqtw08.default\extensions\toolbar@ask.com [2011-03-31 20:24:45 | 000,000,000 | —D | M] (vShare) – C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\xpbqtw08.default\extensions\vshare@toolbar [2011-08-23 19:59:36 | 000,002,578 | ---- | M] () – C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\xpbqtw08.default\searchplugins\askcom.xml [2011-03-31 20:24:54 | 000,001,583 | ---- | M] () – C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\xpbqtw08.default\searchplugins\web-search.xml O3 - HKU\S-1-5-21-1512112080-3760964-3437010792-1000…\Toolbar\WebBrowser: (Soft32 Toolbar) - {D1FCE654-5FD1-48AD-B13C-5064736120B7} - C:\Program Files (x86)\Soft32\prxtbSoft.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1512112080-3760964-3437010792-1000…\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com \GenericAskToolbar.dll (Ask) O4 - HKLM…\Run: [] File not found O4 - HKLM…\Run: [avgnt] File not found O4 - HKLM…\Run: [Malwarebytes’ Anti-Malware (reboot)] File not found O4 - HKLM…\Run: [tray_ico] File not found O4 - HKLM…\Run: [tray_ico1] File not found O4 - HKLM…\Run: [tray_ico2] File not found O4 - HKLM…\Run: [tray_ico3] File not found O4 - HKLM…\Run: [tray_ico4] File not found [2011-08-22 19:12:15 | 000,000,000 | —D | C] – C:\Windows\ufa [2011-08-22 19:12:15 | 000,000,000 | —D | C] – C:\Windows\phoenix [2011-08-22 17:31:15 | 000,000,000 | -H-D | C] – C:\Windows\update.7.1 [2011-08-22 17:29:59 | 000,000,000 | -H-D | C] – C:\Windows\update.2 [2011-08-22 17:29:48 | 000,000,000 | -H-D | C] – C:\Windows\update.5.0 [2011-08-22 17:27:59 | 000,000,000 | —D | C] – C:\Windows\av_ico [2011-08-22 17:26:36 | 000,000,000 | -H-D | C] – C:\Windows\update.1 [2011-08-22 17:26:35 | 000,000,000 | -H-D | C] – C:\Windows\update.tray-8-0-lnk [2011-08-22 17:26:35 | 000,000,000 | -H-D | C] – C:\Windows\update.tray-8-0 [2011-08-22 19:13:30 | 000,000,202 | ---- | M] () – C:\Windows\info1 [2011-08-22 19:12:14 | 005,589,370 | ---- | M] () – C:\Windows\phoenix.rar [2011-08-22 19:12:14 | 001,075,284 | ---- | M] () – C:\Windows\rpcminer.rar [2011-08-22 19:12:14 | 000,246,272 | ---- | M] () – C:\Windows\unrar.exe [2011-08-22 19:12:14 | 000,182,617 | ---- | M] () – C:\Windows\ufa.rar [2011-08-22 17:29:51 | 000,904,792 | ---- | M] () – C:\Windows\geoiplist.rar [2011-08-22 17:29:04 | 000,000,000 | ---- | M] () – C:\Windows\loader2.exe_ok :Reg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot] “AlternateShell”=“cmd.exe” :Commands [emptytemp] [resethosts]
Kliknij Wykonaj skrypt…Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).
Pokaż nowy log OTL.txt oraz raport z usuwania.
rybak90
(Michal Szutta)
24 Sierpień 2011 18:51
#3
Leon1
(Leon$)
24 Sierpień 2011 19:08
#4
OTL w oknie Custom Scans-Fixes (własne opcje skanowania/skrypt)wklej następujący skrypt:
:OTL FF - prefs.js…browser.search.selectedEngine: “Ask.com ” O2 - BHO: (no name) - {d1fce654-5fd1-48ad-b13c-5064736120b7} - No CLSID value found. O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKLM…\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM…\Toolbar: (no name) - {d1fce654-5fd1-48ad-b13c-5064736120b7} - No CLSID value found. O3 - HKLM…\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3:64bit: - HKCU…\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKCU…\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () [2011-08-22 21:27:09 | 000,000,000 | —D | C] – C:\Users\pc\AppData\Local\AskToolbar [2011-08-22 19:36:36 | 000,000,000 | —D | C] – C:\Program Files (x86)\Ask.com [2011-08-22 17:29:52 | 004,636,907 | ---- | C] () – C:\Windows\geoiplist :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] :Commands [CLEARALLRESTOREPOINTS] [RESETHOSTS] [emptytemp]
Kliknij w Run Fix (Wykonaj scrypt). Zatwierdź restart komputera.
Pokaż log z usuwania.
potem nowy log OTL robiony opcją Run Scan (Skanuj)
rybak90
(Michal Szutta)
24 Sierpień 2011 19:24
#5
Leon1
(Leon$)
24 Sierpień 2011 19:29
#6
Log wygląda na czysty
Pobierz CCleaner http://www.filehippo.com/download_ccleaner/
przeskanuj nim i wyczyść rejestr.
W OTL kilknij CleanUp (Sprzątanie)
przeskanuj
Dr.WEB CureIt! http://www.dobreprogramy.pl/DrWEB-CureI … 12976.html
rybak90
(Michal Szutta)
24 Sierpień 2011 19:32
#7
Problem naprawiony nawet bez konieczności używania CCleanerem i skanowania DR. WEb-em.
Dzięki