
Sluggish laptop and a mass of viruses

29 Mar 2013 17:30 OJojekk
  • #1 29 Mar 2013 17:30
    ojekk
    Level 2  
    Helpful post? (0)
    Hello! I have the following problem: I was given a sluggish laptop. It has not had a single antivirus on it since 2009. Now there is a mass of viruses on the disk that I cannot remove. The scan detects them, but I cannot remove them. Can they be removed somehow without formatting? I currently do not have the Windows disc, and the guy who had the laptop before dumped everything onto drive C :P
  • Helpful post
    #2 29 Mar 2013 17:57
    Acorus 20
    Computer specialist
    Helpful post? (0)
    Scan with Malwarebytes Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free/
    Before scanning, perform a MANUAL UPDATE OF THE VIRUS SIGNATURE DATABASE in Malwarebytes: "Run Malwarebytes, go to the Update tab, Check for updates."
    Post the logs from OTL.
  • #3 30 Mar 2013 12:08
    ojekk
    Level 2  
    Topic author Helpful post? (0)
    Malwarebytes did the job and I removed 60 viruses and worms of various kinds.
    Here are the logs from OTL
  • #4 30 Mar 2013 12:10
    ojekk
    Level 2  
    Topic author Helpful post? (0)
    Extras.txt
  • #5 30 Mar 2013 12:54
    Acorus 20
    Computer specialist
    Helpful post? (0)
    Run OTL and paste the following into the Custom Scans/Fixes (script) window:

    Quote:
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EtDzz0A0B0B0ByB0BzztCtN0D0Tzu0StByEtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1747931694
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60475
    IE - HKLM\..\SearchScopes\{37D39183-AC8A-AA96-1A94-1C32C659741F}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes\{8D7BCC95-4B3A-4597-B533-7B32EBE22488}: "URL" = http://www.searchcanvas.com/web?ot=3&q={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EtDzz0A0B0B0ByB0BzztCtN0D0Tzu0StByEtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1747931694
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2856415
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/?affID=110808&tt=280812_2003_3512_1&babsrc=HP_ss&mntrId=061c7b810000000000000625d3da2e7e
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110808&tt=280812_2003_3512_1&babsrc=HP_ss_cr&mntrId=061c7b810000000000000625d3da2e7e
    IE - HKCU\..\SearchScopes\{072FF6A5-0CA6-4FC4-B263-0C09F52FBA2E}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EtDzz0A0B0B0ByB0BzztCtN0D0Tzu0StByEtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1747931694
    IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=UTR&o=15459&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=H5&apn_dtid=YYYYYYU1GB&apn_uid=720E0649-45CB-4F13-8A28-7D3D10E976A7&apn_sauid=A4543E0A-B33F-4F75-8BE2-49934732C3EB
    IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60475
    IE - HKCU\..\SearchScopes\{37D39183-AC8A-AA96-1A94-1C32C659741F}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110808&tt=280812_2003_3512_1&babsrc=SP_ss&mntrId=061c7b810000000000000625d3da2e7e
    IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.com/web?q={searchTerms}
    IE - HKCU\..\SearchScopes\{8D7BCC95-4B3A-4597-B533-7B32EBE22488}: "URL" = http://www.searchcanvas.com/web?ot=3&q={searchTerms}
    IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = http://search.ibryte.com/i/playbryte/search/redirect/?type=default-ie&user_id=f4871b1f-75e5-4bf0-a8d9-f2af32f95072&query={searchTerms}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
    IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\3.bin
    [2012/07/01 17:32:37 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Wixson\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
    O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Users\Wixson\Desktop\iWin Games\iWinGamesHookIE.dll File not found
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
    O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Wixson\AppData\Local\Akamai\netsession_win.exe" File not found
    O4 - HKCU..\Run: [Facebook Update] C:\Users\Wixson\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    [2013/03/28 12:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2013/03/26 20:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
    [2013/03/29 21:19:12 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2952921420-1809684256-3676270256-1000UA.job
    [2013/03/28 12:19:07 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2952921420-1809684256-3676270256-1000Core.job
    [2012/08/28 20:32:29 | 000,384,844 | ---- | C] () -- C:\Users\Wixson\AppData\Local\funmoods-speeddial.crx
    [2012/08/28 20:15:24 | 000,000,000 | ---D | M] -- C:\Users\Wixson\AppData\Roaming\Babylon

    :Files
    C:\Users\Wixson\AppData\Local\Temp*.html

    :Commands
    [emptytemp]


    Click Run Fix. Then use the CleanUp option in OTL.
    Remove ComboFix and its leftovers with this: http://oldtimer.geekstogo.com/OTC.exe
    Install the updates for the programs that Security Check
    (http://forum.dobreprogramy.pl/analiza-dezynfekcja-zestaw-narzedzi-nieingerencyjnych-t485632.html) reports as out of date.
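
Added example, not part of the thread and not OTL's own code: a small Python triage of an `:OTL` fix-script section in the format quoted in post #5, so each line can be reviewed (which host a search setting redirects to, which entries point at missing files) before the fix is run. The sample lines and the names `triage` and `redirect_hosts` are constructed for this illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the format of the fix script above (placeholder values).
SAMPLE = r'''
IE - HKLM\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://search.example.test/web?q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.example.test/?id=1
O2 - BHO: (Example Bar) - {00000000-0000-0000-0000-000000000002} - C:\PROGRA~2\EXAMPLE\bar.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {00000000-0000-0000-0000-000000000003} - No CLSID value found.
O4 - HKCU..\Run: [Example Update] C:\Users\user\AppData\Local\Example\Update.exe (Example Inc.)
[2013/03/26 20:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\example toolbars
'''

# "IE - ...", "FF - ...", "O2 - ...", optionally with a ":64bit:" marker.
ENTRY = re.compile(r'^(IE|FF|O\d+)(?::64bit:)? - (.*)$')
# "[date time | size | attributes | C or M] (company) -- path"
FILE_ENTRY = re.compile(r'^\[\d{4}/\d\d/\d\d [^\]]*\] .*-- (.+)$')
URL = re.compile(r'= (https?://\S+)')

def triage(script):
    """Return (kind, note) for every recognised line of an :OTL section."""
    rows = []
    for line in (raw.strip() for raw in script.splitlines()):
        entry = ENTRY.match(line)
        file_entry = FILE_ENTRY.match(line)
        if entry:
            kind, rest = entry.groups()
            url = URL.search(rest)
            if url:
                note = 'redirects to ' + urlsplit(url.group(1)).hostname
            elif rest.endswith('File not found') or 'No CLSID value found' in rest:
                note = 'leftover reference, target missing'
            else:
                note = 'live entry, check the target file'
            rows.append((kind, note))
        elif file_entry:
            rows.append(('FILE', file_entry.group(1)))
    return rows

def redirect_hosts(rows):
    """Unique hosts that browser settings in the script point at."""
    prefix = 'redirects to '
    return sorted({n[len(prefix):] for _, n in rows if n.startswith(prefix)})

if __name__ == '__main__':
    for kind, note in triage(SAMPLE):
        print(f'{kind:5} {note}')
```
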