Hello, please check my OTL log.
OTL log: http://wklej.org/hash/8a216c436e7/
Extras log: http://wklej.org/hash/0e9a00fd34c/
Thanks in advance
Acorus
(Acorus)
25 April 2011 15:32
#2
Run OTL and paste the following into the (Custom Scans/Fixes) box:
:OTL
FF - prefs.js…browser.search.defaultenginename: “Web Search…”
FF - prefs.js…browser.search.defaulturl: “http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= ”
FF - prefs.js…extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js…extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js…extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js…keyword.URL: “http://vshare.toolbarhome.com/search.aspx?srch=ku&q= ”
[2011-02-06 13:23:46 | 000,000,000 | —D | M] (“DAEMON Tools Toolbar”) – C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\v9c5t6i0.default\extensions\DTToolbar@toolbarnet.com
[2011-02-05 11:17:33 | 000,000,000 | —D | M] (Facemoods) – C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\v9c5t6i0.default\extensions\ffxtlbr@Facemoods.com
[2011-02-09 20:01:14 | 000,000,000 | —D | M] (Ask Toolbar) – C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\v9c5t6i0.default\extensions\toolbar@ask.com
[2011-02-05 19:38:03 | 000,000,000 | —D | M] (vShare) – C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\v9c5t6i0.default\extensions\vshare@toolbar
[2011-02-06 13:23:37 | 000,002,059 | ---- | M] () – C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\v9c5t6i0.default\searchplugins\daemon-search.xml
[2011-02-05 19:38:10 | 000,001,583 | ---- | M] () – C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\v9c5t6i0.default\searchplugins\web-search.xml
[2010-12-14 16:15:06 | 000,001,196 | ---- | M] () – C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\v9c5t6i0.default\searchplugins\winamp-search.xml
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com \facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O3 - HKLM…\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM…\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com \facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com )
O3 - HKU\S-1-5-21-1060284298-651377827-682003330-1003…\Toolbar\ShellBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1060284298-651377827-682003330-1003…\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM…\Run: [facemoods] C:\Program Files\facemoods.com \facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com )
O4 - HKU\S-1-5-21-1060284298-651377827-682003330-1003…\Run: [AshSnap] File not found
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ … mv9VCM.CAB (Reg Error: Key error.)
[2011-04-25 16:01:00 | 000,000,234 | ---- | M] () – C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
:Commands
[emptytemp]
Click Run Fix. Confirm the computer restart. Save the report that appears after the restart. Then run OTL again, this time clicking (Run Scan).
Post the new OTL.txt log and the removal report.
Uninstall DAEMON Tools Toolbar.
Acorus
(Acorus)
26 April 2011 08:28
#4
Run OTL and paste the following into the (Custom Scans/Fixes) box:
:OTL
FF - prefs.js…browser.search.defaultenginename: “Winamp Search”
FF - prefs.js…browser.search.defaulturl: “http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= ”
FF - prefs.js…browser.search.selectedEngine: “Winamp Search”
FF - prefs.js…extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js…extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js…extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024
FF - prefs.js…keyword.URL: “http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= ”
[2010-12-14 15:02:55 | 000,000,000 | —D | M] (Winamp Toolbar) – C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\v9c5t6i0.default\extensions{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011-04-25 17:42:24 | 000,000,000 | —D | M] (No name found) – C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\v9c5t6i0.default\extensions\DTToolbar@toolbarnet.com
[2011-04-25 17:42:24 | 000,000,000 | —D | M] (No name found) – C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\v9c5t6i0.default\extensions\ffxtlbr@Facemoods.com
[2011-04-25 17:42:24 | 000,000,000 | —D | M] (No name found) – C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\v9c5t6i0.default\extensions\vshare@toolbar
[2011-04-25 17:43:55 | 000,001,196 | ---- | M] () – C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\v9c5t6i0.default\searchplugins\winamp-search.xml
O3 - HKCU…\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
[2011-02-05 11:22:44 | 000,000,000 | —D | M] – C:\Documents and Settings\Admin\Dane aplikacji\facemoods.com
:Commands
[emptytemp]
Click Run Fix. In OTL, use the CleanUp option. Scan with Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam.php
Scan with Dr.WEB CureIt: http://ftp.drweb.com/pub/drweb/cureit/launch.exe
Install updates for the programs indicated by: http://screen317.spywareinfoforum.org/SecurityCheck.exe
First and foremost, install Service Pack 3.
Protect yourself against infection from USB flash drives with Panda USB Vaccine: http://research.pandasecurity.com/panda … n-1-0-1-4/