Win blue soft-trojan,spyware?


(Mariusz0761) #1

Jako ze jestem nowy na tym forum to niewiem czy dobrze trafilem.Otoz wczoraj sciagalem muzyke,i w pewnym momencie wyswietlil mi sie komunikat z AVASTa ze muj komputer zostal zaatakowany przez jakies zlosliwe oprogramowanie.Jako ze jestem laikiem w tym temacie postapilem jak poradzil AVAST i poddalem pliki kwarantannie.Tych komunikatow bylo kilka i robilem to za kazdym razem.Wydawalo mi sie,ze wszystko jest ok.Ale po okolo 5 minutach pokazal mi sie blue screen i komputer sie zrestartowal.Tylko ze juz wtedy nie bylo nic nie moge wlaczyc zadnego antywira(kaspersky,avast) za kazdymm razem wywala mi komunikat , Process,... exe terminated. i tak dzieje sie jak pruboje zrobic cokolwiek.Niemam pojecia co to jest.Ponadto wciaz wyskakuje mi komunikat programu(ktorego nie instalowalem! !!


(Henio Mazurek) #2

Pobierz na początek Malwarebytes Anti-Malware i wykonaj dokładny skan jak się da, usuwasz co znajdzie i wklejasz log

http://dobreprogramy.pl/index.php?dz=2& … lware+1.37

Potem pobierasz ComboFix, uruchamiasz i wklejasz log

viewtopic.php?p=1170959#p1170959

Log wklej na www.wklej.org a w poście tylko link.


(Mariusz0761) #3

prubowalem,sciagnolem program,pruba instalacji i znowu terminated


(Henio Mazurek) #4

To ComboFix od razu. Już w momencie pobierania zmień mu nazwę na losową. Jeśli to nie pójdzie to pobierasz gmer’a i wklejasz jego log

http://www.gmer.net/


(Mariusz0761) #5

Process ComboFix.exe terminated.To samo z Gmer-ten sam komunikat.Ponadto zamiast standardoej tapety na pulpicie mam czarny ekran z takim czyms: ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISC.wHEN YOU VISIT SITES,SEND EMAILS… ALLYOUR ACTION ARE LOGGED AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDART TOOLS.YOUR DATA IS STILL AVAILABLE FOR FORENSICS,AND IN SOME CASES.


(Henio Mazurek) #6

No to jeszcze przy pobieraniu ComboFix zmień mu rozszerzenie na .com.

Jak to nie pomoże spróbuj wygenerować log z DDS

http://www.searchengines.pl/index.php?s … t&p=392369

Są trzy wersję, każda ma inne rozszerzenie, wypróbuj wszystkie.

Jak się da to zrób to w trybie awaryjnym.


(Mariusz0761) #7

zrobilem backup w safe mode. Wszystko wyglada po staremu niewiem czy to cos dalo ale windows dziala normalnie.Jakies sugestie?


(Henio Mazurek) #8

Jak zrobiłeś przywracanie systemu to nie wiem na co jeszcze czekasz - odpalaj antywirusy, czyść system i wklej tu potrzebne logi.


(Mariusz0761) #9

Otoz skonczylo skanowac a to chyba te logi tylko co dalej z tym zrobic? Malwarebytes’ Anti-Malware 1.37

Wersja bazy definicji: 2224

Windows 6.0.6001 Service Pack 1

2009-06-03 21:02:19

mbam-log-2009-06-03 (21-02-02).txt

Typ skanowania: Pe³ne skanowanie (C:|D:|)

Przeskanowane obiekty: 231678

Up³ynê³o: 1 hour(s), 6 minute(s), 19 second(s)

Zainfekowane procesy w pamiêci: 0

Zainfekowane modu³y pamiêci: 0

Zainfekowane klucze rejestru: 141

Zainfekowane wartoœci rejestru: 7

Zainfekowane pliki rejestru: 0

Zainfekowane foldery: 15

Zainfekowane pliki: 39

Zainfekowane procesy w pamiêci:

(Nie wykryto groŸnych plików)

Zainfekowane modu³y pamiêci:

(Nie wykryto groŸnych plików)

Zainfekowane klucze rejestru:

HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Typelib{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Typelib{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Typelib{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Typelib{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Typelib{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Typelib{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Typelib{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Typelib{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Typelib{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.

Zainfekowane wartoœci rejestru:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWeb) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWeb) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt&Search\ (Adware.Hotbar) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> No action taken.

Zainfekowane pliki rejestru:

(Nie wykryto groŸnych plików)

Zainfekowane foldery:

C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\SrchAstt (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\SrchAstt\1.bin (Adware.MyWebSearch) -> No action taken.

C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.

c:\program files\funwebproducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.

c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> No action taken.

Zainfekowane pliki:

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWeb) -> No action taken.

C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken.

C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken.

C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.

C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.

C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> No action taken.

C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.


(deFco247) #10

Logi wklejasz na wklej.org, a w poście dajesz tylko link.

Znalezione obiekty usuń.

Zresztą to wszystko, co wymienione w logu należy tylko do jednego śmiecia - MyWebSearch. :o


(Henio Mazurek) #11

Tyle, że to nie powodowało reszty dziwnych objawów. Malwarebytes nie znalazł nic od WinBlueSoft.

Wykonaj skan ComboFix i wklej log, będziemy usuwać ręcznie.


(Mariusz0761) #12

Bede pamietal-wklej.org.I czy to juz wszystko?Czyzbym pozbyl sie tego paskodztwa?I co poradzisz na przyszlosc


(Henio Mazurek) #13

Nie, to jeszcze nie koniec. Masz tutaj wkleić log (do wyboru DDS, OtListIt2, od bólu ComboFix) bo coś mi się nie wydaje, żeby to sobie tak łatwo poszło.


(Mariusz0761) #14

http://www.wklej.org/id/100600/

Dodane 03.06.2009 (Śr) 23:34

http://www.wklej.org/id/100606/ bylo pierwsze teraz drugie

Dodane 03.06.2009 (Śr) 23:49

Mianowicie ComboFix pokazuje mi ze musze pozamykac Avasta i Nortona.Czy to normalne?


(Henio Mazurek) #15

Wygląda, że jest czysto.

Znasz plik autorun.exe który jest bezpośrednio na D?

W OtListIt2 klikasz w Clean up. To uprzątnie resztki po narzędziach czyszczących. Także po ComboFix’ie. Sam otwarłeś porty na svchost? Dobrze by było, żeby jednak był filtrowany, za dużo śmieci lubi z niego korzystać.

To normalne, że ComboFix upomina się o zamknięcie strażników.

Na koniec wyłącz na chwilę przywracanie systemu, przeczyść dysk i rejestr CCleaner’em.

Do czyszczenia pendrive’ów użyj tego programu

http://www.searchengines.pl/index.php?s … ntry369724

O dziwo po tym WinBlueSoft rzeczywiście nic nie zostało.

Przeczyść tymczasowe foldery tym

http://cybertrash.pl/images/tata/ATF/ATF.html


(Mariusz0761) #16

Dzieki przyjacielu-jestes wielki.Pozdro dla ciebie.