Elektroda.pl

I have very troublesome viruses.

HakerskiHaker 26 Mar 2012 15:27 2082 3
  • #1 26 Mar 2012 15:27
    HakerskiHaker
    Level 2

    Hello. I'll describe my problem step by step. I downloaded a file through a .torrent unknown to me (I know, I know, stupid, but you learn from your mistakes)... The file was 744 MB (it was supposed to be a movie); I think the file size was deliberately faked so as not to arouse any suspicion. I opened the file and nothing worked (that's probably typical keylogger behaviour). There were 2 files, so I also opened the second one, named "kodeki..." (something or other; I deleted the whole folder, so I no longer remember the exact name), and suddenly my web browser opened and closed (I think some special script got installed in my browsers).

    When I open any browser and type into Google various phrases related to viruses, such as "HijackThis", "Trojan Remover", "Spyware Doctor", "I have a keylogger on my computer forum", "I can't remove the keylogger", etc., the browser suddenly shuts down, often displaying a message saying that my browser has frozen, or something like that (I have never had such a message displayed in my life; besides, you can see that some hacker created this message, because at the beginning of the sentence it says "O kurcze!", which in my opinion is a bit unprofessional and at the same time very suspicious).

    I tried to download programs that could scan my computer, but it didn't work. Fortunately I have several computers at home, so I downloaded a few programs on another one, copied them to a pen drive and put them on the infected computer. I installed HiJackThis... It didn't work; it closes by itself. I installed Trojan Remover... it also behaved strangely, something odd was going on with that program, so I uninstalled it and installed Spyware Doctor... It kept flickering strangely, switching on and off non-stop, and in the end I uninstalled it too, because it was useless. I came up with the idea of booting into safe mode to at least make a simple log. Yay...!!! At least that worked.

    I ran a scan with HiJackThis, but when I finally checked what was going on, in theory it shows almost nothing that would be Extremely Nasty or anything... I'll post the log so you can judge for yourselves what's going on and what I should do. Please advise; formatting the computer is out of the question. If my father found out... And it's his computer xD For now I have to play dumb and pretend everything is fine. I have to deal with this problem some other way than formatting the disk. I'd really appreciate your help.

    Log:

    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    
    Scan saved at 14:07:43, on 2012-03-26
    Platform: Windows 7  (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16800)
    Boot mode: Safe mode

    Running processes:
    C:\Program Files (x86)\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1329932350_843604
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/




    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=92ed9e2b000000000000000000000000&tlver=1.4.19.19&affID=17160
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\prxtbfre0.dll
    R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
    R3 - URLSearchHook: PC Tools Browser Defender - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\IPS\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: BitTorrentBar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: free-downloads.net - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\prxtbfre0.dll
    O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    O3 - Toolbar: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
    O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
    O3 - Toolbar: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\prxtbfre0.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
    O3 - Toolbar: PC Tools Browser Defender - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [CardDetectorZTEMF636] C:\Program Files (x86)\CardDetector\ZTEMF636\CardDetector.exe
    O4 - HKLM\..\Run: [BEWINTERNET-PLSessionManager] "C:\Program Files (x86)\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [BabylonToolbar] "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
    O4 - HKCU\..\Run: [Gadu-Gadu 10] "C:\Program Files (x86)\Gadu-Gadu 10\gg.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Zibi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
    O4 - HKCU\..\Run: [NokiaPCInternetAccess] "C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe" /b
    O4 - HKCU\..\Run: [HW_OPENEYE_OUC_PLAY ONLINE] "C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [IPLA!] C:\Program Files (x86)\ipla\ipla.exe /autorun
    O4 - HKCU\..\Run: [Java] %APPDATA%\Microsoft\jusched.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')
    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
    O4 - Startup: spoolsvcs.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{28764149-7A55-4041-896E-7555AEB1F9E3}: NameServer = 89.108.195.20 217.17.34.10
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E7BD3DBE-A125-4A61-9FAD-7C75D04F032F}: NameServer = 89.108.195.21 217.17.34.10
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F0BC3ABD-A764-4F0A-97BD-F8C3269F5074}: NameServer = 89.108.195.20 217.17.34.10
    O17 - HKLM\System\CS1\Services\Tcpip\..\{28764149-7A55-4041-896E-7555AEB1F9E3}: NameServer = 89.108.195.20 217.17.34.10
    O17 - HKLM\System\CS2\Services\Tcpip\..\{28764149-7A55-4041-896E-7555AEB1F9E3}: NameServer = 89.108.195.20 217.17.34.10
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~2\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
    O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14079 bytes


    If I have broken any forum rule, I apologize.

  • #2 26 Mar 2012 15:37
    vadim92
    Level 28

    The HijackThis log is useless. Besides, logs are to be added as attachments!
    Download OTL and run it in safe mode. Tick "all users", "LOP infections", "Purity infections", and tick "use filtering" under "registry - extra scan" (unless it is already set that way by default when OTL starts).
    You will get two logs, OTL.txt and Extras.txt; post both on the forum as attachments.
    In addition, run a scan with MBAM and CureIt (if you manage to download them).

  • #3 26 Mar 2012 17:10
    HakerskiHaker
    Level 2

    I'm adding attachments with the program scans, as requested by "vadim92". OTL scan, everything OK; MBAM scan, also everything OK, only I wasn't able to update the database in safe mode (73 days). I also did a CureIt scan, but that log has a strange extension (.csv) and I can't post it on the forum.

    ("everything OK" in the sense that everything went as it should during the scan; I didn't check what's what, or whether I have these viruses or not and which ones, I don't know about this stuff ;p)

    BTW, I ran the scans in this order: OTL, MBAM, CUREIT.

    I should also add (I only just noticed): after running all the scans, the script in the web browsers that was closing them earlier no longer kicks in.

  • #4 26 Mar 2012 18:15
    Kolobos
    Computer specialist

    Remove what MBAM detected, if you haven't already done so.

    Don't install toolbars!

    To update:
    Java(TM) 6 Update 23 -> www.java.com

    Uninstall:
    Bing Bar
    Google Toolbar for Internet Explorer
    HiJackThis
    Adobe Reader 9.3 - Polish, switch to Foxit.
    Advertising Center
    Bing Bar Platform
    Babylon toolbar
    BitTorrentBar Toolbar
    Browser Defender 4.0
    50 FREE MP3s +1 Free Audiobook!
    free-downloads.net Toolbar
    Download Updater (AOL LLC)
    Winamp Toolbar

    In Chrome, manually change the search engine to Google.

    [2012-03-23 19:56:46 | 000,912,856 | ---- | C] (Mozilla Corporation) -- C:\Users\Zibi\Documents\firefox.exe What is this file doing here?

    Run this script in OTL:

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=92ed9e2b000000000000000000000000&tlver=1.4.19.19&affID=17160
    IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
    IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\prxtbfre0.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640
    IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120104195725630&tb_oid=04-01-2012&tb_mrud=04-01-2012
    IE - HKU\S-1-5-21-2181692892-1695980931-1876811163-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1329932350_843604
    IE - HKU\S-1-5-21-2181692892-1695980931-1876811163-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
    IE - HKU\S-1-5-21-2181692892-1695980931-1876811163-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2181692892-1695980931-1876811163-1000\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\prxtbfre0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2181692892-1695980931-1876811163-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-2181692892-1695980931-1876811163-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
    IE - HKU\S-1-5-21-2181692892-1695980931-1876811163-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=92ed9e2b000000000000000000000000&tlver=1.4.19.19&affID=17160
    IE - HKU\S-1-5-21-2181692892-1695980931-1876811163-1000\..\SearchScopes\{22827B08-1321-4678-9C01-887433604C67}: "URL" = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
    IE - HKU\S-1-5-21-2181692892-1695980931-1876811163-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640
    IE - HKU\S-1-5-21-2181692892-1695980931-1876811163-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120104195725630&tb_oid=04-01-2012&tb_mrud=04-01-2012
    IE - HKU\S-1-5-21-2181692892-1695980931-1876811163-1000\..\SearchScopes\{F2F49F48-D3EF-4658-A31D-FE53DA4F5738}: "URL" = http://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
    [2012-03-24 17:29:26 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Zibi\AppData\Roaming\mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    [2011-05-26 20:42:15 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
    O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
    O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
    O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\prxtbfre0.dll (Conduit Ltd.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
    O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\prxtbfre0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2181692892-1695980931-1876811163-1000\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
    O3 - HKU\S-1-5-21-2181692892-1695980931-1876811163-1000\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2181692892-1695980931-1876811163-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
    O3 - HKU\S-1-5-21-2181692892-1695980931-1876811163-1000\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files (x86)\free-downloads.net\prxtbfre0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
    O4 - HKU\S-1-5-21-2181692892-1695980931-1876811163-1000..\Run: [Java] C:\Users\Zibi\AppData\Roaming\Microsoft\jusched.exe ()
    O4 - Startup: C:\Users\Zibi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsvcs.exe ()
    [2012-03-26 11:19:37 | 000,000,000 | ---D | C] -- C:\Users\Zibi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2012-03-26 11:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HijackThis
    [2012-03-24 17:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrentBar

    After it has run, post a new OTL log.
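
An added example, not part of the thread or of any tool mentioned in it: a small Python triage of the `O4` autostart lines from the HijackThis log in post #1, ranking entries by four simple heuristics. The reference lists (`SYSTEM_BINARIES`, `EXPECTED_DIR`, `USER_WRITABLE`) and all function names are assumptions made for this illustration.

```python
import re

# O4 (autostart) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Gadu-Gadu 10] "C:\Program Files (x86)\Gadu-Gadu 10\gg.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Zibi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Java] %APPDATA%\Microsoft\jusched.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: spoolsvcs.exe
"""

# Assumption: short illustrative reference lists, not exhaustive.
SYSTEM_BINARIES = ("svchost", "spoolsv", "lsass", "csrss", "services",
                   "winlogon", "explorer", "smss")
EXPECTED_DIR = {"jusched.exe": "\\java\\"}  # assumed: Java updater sits under a Java dir
USER_WRITABLE = ("%appdata%", "%temp%", "%userprofile%", "\\appdata\\")

RUN_RE = re.compile(r"^O4 - (\S+\\\.\.\\Run(?:Once)?): \[([^\]]+)\] (.+)$")
STARTUP_RE = re.compile(r"^O4 - (.*Startup): (.+)$")
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss names of system binaries."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def exe_path(command):
    """Pull the executable path out of a command line, quoted or not."""
    m = EXE_RE.match(command)
    return (m.group(1) or m.group(2)) if m else command

def parse_o4(line):
    """Return (label, executable_path, bare_startup_file) or None for other lines."""
    m = RUN_RE.match(line)
    if m:
        return m.group(2), exe_path(m.group(3)), False
    m = STARTUP_RE.match(line)
    if not m:
        return None
    item, _, target = m.group(2).partition(" = ")
    if target:  # shortcut entry: "name.lnk = target"
        return item, exe_path(target), False
    return item, item, not item.lower().endswith(".lnk")

def reasons_for(path, bare_startup):
    """List the heuristics an autostart entry trips (empty list = nothing notable)."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    stem = name.rsplit(".", 1)[0]
    out = []
    if any(marker in low for marker in USER_WRITABLE):
        out.append("runs from a user-writable profile path")
    if name in EXPECTED_DIR and EXPECTED_DIR[name] not in low:
        out.append("well-known name outside its usual directory")
    if bare_startup:
        out.append("executable placed directly in Startup, not a shortcut")
    if any(0 < edit_distance(stem, ref) <= 2 for ref in SYSTEM_BINARIES):
        out.append("name is a near miss of a Windows system binary")
    return out

def triage(log_text):
    """Return [(label, path, reasons)] for flagged O4 entries, most reasons first."""
    flagged = []
    for line in log_text.splitlines():
        parsed = parse_o4(line.strip())
        if parsed and (why := reasons_for(parsed[1], parsed[2])):
            flagged.append((parsed[0], parsed[1], why))
    return sorted(flagged, key=lambda f: -len(f[2]))

if __name__ == "__main__":
    for label, path, why in triage(SAMPLE_LOG):
        print(f"{label}: {path} -> " + "; ".join(why))
```

On the thread's log, the two entries that trip two heuristics each, `[Java] %APPDATA%\Microsoft\jusched.exe` and `Startup: spoolsvcs.exe`, are the same `O4` entries listed in the OTL script in post #4. A single reason, as for the per-user Google Update entry, is a prompt to look closer and not a verdict.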
