inkangie
(Inkangie)
27 Sierpień 2011 08:41
#1
Prosze o pomoc, po przeskanowaniu i usunięciu trojanów nie moge właczyc strony- pojawia sie “Nie udało się nawiązać połączenia”.
Wklejam logi;
OTL
http://wklej.org/id/585397/
Extras
http://wklej.org/id/585398/
Acorus
(Acorus)
27 Sierpień 2011 09:24
#2
Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:
:OTL O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll () O2 - BHO: (Mario Forever Toolbar) - {707db484-2428-402d-afb5-d85b387544c7} - File not found O3 - HKLM…\Toolbar: (Mario Forever Toolbar) - {707db484-2428-402d-afb5-d85b387544c7} - File not found O3 - HKU\S-1-5-21-1220945662-1715567821-682003330-1004…\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found. O3 - HKU\S-1-5-21-1220945662-1715567821-682003330-1004…\Toolbar\WebBrowser: (Mario Forever Toolbar) - {707DB484-2428-402D-AFB5-D85B387544C7} - File not found O4 - HKLM…\Run: [KernelFaultCheck] File not found O4 - HKU.DEFAULT…\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-18…\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-19…\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-20…\RunOnce: [nltide_2] File not found O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ … vc1dmo.cab (Reg Error: Key error.) MsConfig - StartUpReg: ares - hkey= - key= - File not found MsConfig - StartUpReg: EA Core - hkey= - key= - File not found MsConfig - StartUpReg: Google Update - hkey= - key= - File not found MsConfig - StartUpReg: iGoD - hkey= - key= - File not found MsConfig - StartUpReg: IPLA! - hkey= - key= - File not found MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found MsConfig - StartUpReg: WinampAgent - hkey= - key= - File not found [2011-08-19 22:34:15 | 000,000,000 | —D | C] – C:\WINDOWS\ufa [2011-08-19 22:34:15 | 000,000,000 | —D | C] – C:\WINDOWS\phoenix [2011-08-19 22:28:24 | 000,000,000 | -H-D | C] – C:\WINDOWS\update.5.0 [2011-08-19 22:23:47 | 000,000,000 | -H-D | C] – C:\WINDOWS\update.2 [2011-08-19 22:23:17 | 000,000,000 | -H-D | C] – C:\WINDOWS\update.7.1 [2011-08-19 22:21:26 | 000,000,000 | -H-D | C] – C:\WINDOWS\update.1 [2011-08-21 14:26:21 | 000,000,179 | ---- | M] () – C:\WINDOWS\info1 [2011-08-19 22:34:14 | 005,589,370 | ---- | M] () – C:\WINDOWS\phoenix.rar [2011-08-19 22:34:14 | 000,246,272 | ---- | M] () – C:\WINDOWS\unrar.exe [2011-08-19 22:34:14 | 000,182,617 | ---- | M] () – C:\WINDOWS\ufa.rar [2011-08-19 22:34:13 | 001,075,284 | ---- | M] () – C:\WINDOWS\rpcminer.rar [2011-08-19 22:27:27 | 000,904,792 | ---- | M] () – C:\WINDOWS\geoiplist.rar [2011-08-19 22:22:50 | 000,000,000 | ---- | M] () – C:\WINDOWS\loader2.exe_ok :Reg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot] “AlternateShell”=“cmd.exe” [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] :Commands [emptytemp] [resethosts]
Kliknij Wykonaj skrypt .Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).
Pokaż nowy log OTL.txt oraz raport z usuwania.
Odinstaluj MediaBar 2.0.
inkangie
(Inkangie)
27 Sierpień 2011 10:55
#3
Leon1
(Leon$)
27 Sierpień 2011 11:13
#5
OTL w oknie Custom Scans-Fixes (własne opcje skanowania/skrypt)wklej następujący skrypt:
:OTL IE - HKCU…\URLSearchHook: {707db484-2428-402d-afb5-d85b387544c7} - Reg Error: Key error. File not found FF - prefs.js…browser.search.defaulturl: “http://search.conduit.com/ResultsExt.aspx?ctid=CT2247187&SearchSource=3&q={searchTerms} ” FF - prefs.js…keyword.URL: “http://search.conduit.com/ResultsExt.aspx?ctid=CT2247187&SearchSource=2&q= ” FF - HKLM\Software\MozillaPlugins@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found FF - HKLM\Software\MozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll File not found [2011-08-21 14:26:45 | 000,000,734 | ---- | M] () – C:\WINDOWS\System32\drivers\etc\hîsts [2011-08-19 22:27:28 | 004,636,907 | ---- | C] () – C:\WINDOWS\geoiplist :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] :Commands [CLEARALLRESTOREPOINTS]
Kliknij w Run Fix (Wykonaj scrypt). Zatwierdź restart komputera.
W OTL kilknij CleanUp (Sprzątanie)
Pobierz CCleaner http://www.filehippo.com/download_ccleaner/
przeskanuj nim i wyczyść rejestr.
przeskanuj Dr.WEB CureIt! http://www.dobreprogramy.pl/DrWEB-CureI … 12976.html
Acorus
(Acorus)
27 Sierpień 2011 11:15
#6
Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:
:OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchgateway.net/search/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchgateway.net/search/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKCU…\URLSearchHook: {707db484-2428-402d-afb5-d85b387544c7} - Reg Error: Key error. File not found FF - prefs.js…browser.search.defaultenginename: “Winamp Search” FF - prefs.js…browser.search.defaultthis.engineName: “Mario Forever Customized Web Search” FF - prefs.js…browser.search.defaulturl: “http://search.conduit.com/ResultsExt.aspx?ctid=CT2247187&SearchSource=3&q={searchTerms} ” FF - prefs.js…keyword.URL: “http://search.conduit.com/ResultsExt.aspx?ctid=CT2247187&SearchSource=2&q= ” [2009-08-27 23:47:08 | 000,000,000 | —D | M] (Free Lunch Design Toolbar) – C:\Documents and Settings\ADAX\Dane aplikacji\Mozilla\Firefox\Profiles\eu51xnqx.default\extensions{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} [2009-08-27 23:47:09 | 000,000,000 | —D | M] (Mario Forever Toolbar) – C:\Documents and Settings\ADAX\Dane aplikacji\Mozilla\Firefox\Profiles\eu51xnqx.default\extensions{707db484-2428-402d-afb5-d85b387544c7} [2009-07-03 22:35:31 | 000,001,196 | ---- | M] () – C:\Documents and Settings\ADAX\Dane aplikacji\Mozilla\Firefox\Profiles\eu51xnqx.default\searchplugins\winamp-search.xml [2011-08-07 18:18:08 | 000,000,000 | -HSD | C] – C:\found.000 [2011-08-21 14:26:45 | 000,000,734 | ---- | M] () – C:\WINDOWS\System32\drivers\etc\hîsts [2011-08-19 22:27:28 | 004,636,907 | ---- | C] () – C:\WINDOWS\geoiplist :Commands [emptytemp]
Kliknij Wykonaj skrypt.W OTL użyj opcji Sprzątanie.
Przeskanuj progr.Malwarebytes Anti-Malware
http://www.dobreprogramy.pl/Malwarebyte … 13117.html
Przed skanowaniem wykonaj RĘCZNĄ AKTUALIZACJĘ BAZY WIRUSÓW
Zainstaluj aktualizacje do programow wskazanych przez: http://screen317.spywareinfoforum.org/SecurityCheck.exe jako out of date.
inkangie
(Inkangie)
27 Sierpień 2011 11:36
#7
Dziekuje za pomoc fc dziala!