Usuwanie qooqlle – analiza loga OTL i skuteczne metody pozbycia się wirusa

Question

Też mam problem z qooqlle... W załączniku log z OTL. Proszę o pomoc.

Kolobos · Accepted Answer

Odinstaluj:
Online_Sharing Toolbar
Ask Toolbar
DAEMON Tools Toolbar
Conduit Engine
MediaBar

Wykonaj skrypt w OTL:

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/
IE - HKCU\..\URLSearchHook: {8567a644-e36c-470c-86cf-9c5b4f37db81} - C:\Program Files\Online_Sharing\prxtbOnl0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
FF - prefs.js..browser.search.selectedEngine: "qooqlle"
FF - prefs.js..browser.startup.homepage: "http://www.qooqlle.com/"
FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&systemid=2&q="
[2011-08-10 17:58:10 | 000,000,000 | ---D | M] (Online Sharing Community Toolbar) -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\q86dcxrc.default\extensions\{8567a644-e36c-470c-86cf-9c5b4f37db81}
[2010-12-31 22:24:22 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\q86dcxrc.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2011-05-07 13:54:06 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\q86dcxrc.default\extensions\DTToolbar@toolbarnet.com
[2011-04-01 10:33:00 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\q86dcxrc.default\extensions\engine@conduit.com
[2010-09-14 14:41:12 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\q86dcxrc.default\searchplugins\BearShareWebSearch.xml
[2010-12-05 13:47:58 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\q86dcxrc.default\searchplugins\conduit.xml
[2011-01-23 17:01:24 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\q86dcxrc.default\searchplugins\daemon-search.xml
[2011-09-02 18:20:38 | 000,001,860 | ---- | M] () -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\q86dcxrc.default\searchplugins\search.xml
[2010-09-14 14:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll (BitComet)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (Online Sharing Toolbar) - {8567a644-e36c-470c-86cf-9c5b4f37db81} - C:\Program Files\Online_Sharing\prxtbOnl0.dll (Conduit Ltd.)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Online Sharing Toolbar) - {8567a644-e36c-470c-86cf-9c5b4f37db81} - C:\Program Files\Online_Sharing\prxtbOnl0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Online Sharing Toolbar) - {8567A644-E36C-470C-86CF-9C5B4F37DB81} - C:\Program Files\Online_Sharing\prxtbOnl0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)

:Commands
[emptytemp]

Po wszystkim zrob skan przy pomocy mbam, a w OTL wybierz Sprzatnie i to wszystko.

MasterOrzech · Answer

Troszkę późno odpisuję, ale zadziałało. Wielkie dzięki ;]

Usuwanie qooqlle – analiza loga OTL i skuteczne metody pozbycia się wirusa

Post #1

Post #2

Post #3