martazumba
Posts: 7
Replies posted by martazumba
OK, all right. Just one more question: should I uninstall Malwarebytes Anti-Malware?
-
There was nothing important there. And even if there had been, I have already done the cleanup in OTL anyway.
Does the damage to ComboFix have any consequences?
And now I understand: I only need to update Internet Explorer and Comodo.
-
Re 1: I removed what MBAM detected.
Re 2: Done. Pasting the log:
"All processes killed
========== FILES ==========
C:\Users\Martucha\AppData\Roaming\Mozilla\Firefox\Profiles\59euj6gz.default\searchplugins\search.xml moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2Albums\backup\3 stycznia 2012 folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2Albums\backup\3 sierpnia 2011 folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2Albums\backup\26 lipca 2011 folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2Albums\backup\26 kwietnia 2010 folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2Albums\backup\25 stycznia 2012 folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2Albums\backup\22 maja 2010 folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2Albums\backup\21 września 2011 folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2Albums\backup\21 grudnia 2011 folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2Albums\backup\15 grudnia 2010 folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2Albums\backup\12 marca 2012 folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2Albums\backup\11 października 2010 folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2Albums\backup\1 stycznia 2012 folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2Albums\backup folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2Albums\6781d50db11cfa311a43d5cac4e9dc57 folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2Albums folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2\update\LifescapeUpdater folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2\update folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2\tmp folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2\temp\LifescapeUpdater folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2\temp folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2\runtime folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2\ioqueue folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2\Desktop folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2\db3 folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2\cache\feeds folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2\cache folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Picasa2 folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\GBScreensaver folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\CrashReports folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Chrome\User Data\Default\Plugin Data folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Chrome\User Data\Default\Cache folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Chrome\User Data\Default folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Chrome\User Data folder moved successfully.
C:\Users\Martucha\AppData\Local\Google\Chrome folder moved successfully.
C:\Users\Martucha\AppData\Local\Google folder moved successfully.
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"about:blank" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"|"{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Martucha
->Temp folder emptied: 19779646 bytes
->Temporary Internet Files folder emptied: 39924928 bytes
->Java cache emptied: 6529220 bytes
->FireFox cache emptied: 222494057 bytes
->Flash cache emptied: 10169390 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22292 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 285.00 mb
OTL by OldTimer - Version 3.2.39.2 log created on 03282012_115909
Files\Folders moved on Reboot...
C:\Users\Martucha\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Martucha\AppData\Local\Mozilla\Firefox\Profiles\59euj6gz.default\Cache\_CACHE_001_ not found!
File\Folder C:\Users\Martucha\AppData\Local\Mozilla\Firefox\Profiles\59euj6gz.default\Cache\_CACHE_002_ not found!
File\Folder C:\Users\Martucha\AppData\Local\Mozilla\Firefox\Profiles\59euj6gz.default\Cache\_CACHE_003_ not found!
File\Folder C:\Users\Martucha\AppData\Local\Mozilla\Firefox\Profiles\59euj6gz.default\Cache\_CACHE_MAP_ not found!
Registry entries deleted on Reboot...
"
Re 3: Done. Pasting the log:
"# AdwCleaner v1.503 - Logfile created 03/28/2012 at 12:09:37
# Updated 24/03/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Martucha - MARTUCHA-VAIO
# Running from : C:\Users\Martucha\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Martucha\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Martucha\AppData\Roaming\Complitly
Folder Deleted : C:\Users\Martucha\AppData\Local\Babylon
Folder Deleted : C:\Users\Martucha\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Program Files (x86)\Complitly
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
***** [H. Navipromo] *****
***** [Registry] *****
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}
***** [Registry (x64)] *****
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?AF=110004&tt=090212_ctrl&babsrc=NT_ss&mntrId=acf1a59800000000000000264374997a --> hxxp://www.google.fr
-\\ Mozilla Firefox v11.0 (pl)
Profile name : default
File : C:\Users\Martucha\AppData\Roaming\Mozilla\FireFox\Profiles\59euj6gz.default\prefs.js
C:\Users\Martucha\AppData\Roaming\Mozilla\FireFox\Profiles\59euj6gz.default\user.js ... Deleted !
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "tt=090212_ctrl");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 17);
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "acf1a59800000000000000264374997a");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15387");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 17);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1719:56:52");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "9.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 68065279);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1719:56:52");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "tt=090212_ctrl");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "acf1a59800000000000000264374997a");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "acf1a59800000000000000264374997a");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15387");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=110004&tt=090212_c[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:56:52");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?AF=110004&tt=090212_ctrl&babsrc=adbartrp&mntrId[...]
*************************
AdwCleaner[R1].txt - [8893 octets] - [27/03/2012 12:06:41]
AdwCleaner[s1].txt - [7911 octets] - [28/03/2012 12:09:37]
########## EOF - C:\AdwCleaner[s1].txt - [8039 octets] ##########
"
Re 4: Done. But after the uninstall a message popped up: "Windows cannot find a file named "NIRCMD"..."
Comodo also detected viruses, which I removed.
Re 5: I am downloading Service Pack 1 for Windows 7 right now. I understand that I should download ONLY
"windows6.1-KB976932-X64.exe 903.2MB", or the other one, "windows6.1-KB976932-X86.exe 537.8MB", as well??
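The AdwCleaner log above shows what a browser hijacker leaves behind in a Firefox profile: the default search engine, the search order, the new-tab URL and keyword.URL all redirected to the toolbar's search site. The following script is an added example (not code from the forum, AdwCleaner or OTL) that parses user_pref lines in the prefs.js format and flags the ones that point search or homepage settings at a known unwanted marker, so a defender can review a profile before or after a cleanup. The sample prefs text is constructed from the entries in the log above plus two benign lines; the marker list, the SEARCH_PREFS set and all function names are assumptions made for this example.

```python
import re

# Firefox prefs.js / user.js lines look like: user_pref("key", value);
# where value is a quoted string, true/false, or an integer.
USER_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Preferences that decide where searches and the homepage go (assumed list for this example).
SEARCH_PREFS = {
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
    "keyword.URL",
}

# Lower-case markers of unwanted toolbars; "babylon" comes from the log in this thread.
HIJACK_MARKERS = ("babylon",)

# Constructed sample: Babylon entries taken from the AdwCleaner log above, plus two benign prefs.
SAMPLE_PREFS = """\
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
user_pref("extensions.BabylonToolbar.newTab", true);
user_pref("extensions.BabylonToolbar.bbDpng", 17);
user_pref("keyword.URL", "hxxp://search.babylon.com/?AF=110004&tt=090212_ctrl&babsrc=adbartrp");
user_pref("privacy.donottrackheader.enabled", true);
"""


def parse_user_prefs(text):
    """Return {key: value} for every well-formed user_pref line; other lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        match = USER_PREF_RE.match(line)
        if not match:
            continue
        key, raw = match.group(1), match.group(2).strip()
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]            # string value
        elif raw in ("true", "false"):
            value = raw == "true"        # boolean value
        else:
            try:
                value = int(raw)         # integer value
            except ValueError:
                value = raw              # leave anything unexpected as-is
        prefs[key] = value
    return prefs


def find_hijack_indicators(prefs, markers=HIJACK_MARKERS):
    """Return (key, value, reason) tuples for prefs that reference a hijack marker."""
    findings = []
    for key, value in prefs.items():
        key_text = key.lower()
        value_text = value.lower() if isinstance(value, str) else ""
        key_hit = next((m for m in markers if m in key_text), None)
        value_hit = next((m for m in markers if m in value_text), None)
        is_search_pref = key in SEARCH_PREFS or key.startswith("browser.search.order.")
        if is_search_pref and value_hit:
            findings.append((key, value, "search/homepage setting redirected to " + value_hit))
        elif key.startswith("extensions.") and (key_hit or value_hit):
            findings.append((key, value, "setting belongs to unwanted extension " + (key_hit or value_hit)))
    return findings


if __name__ == "__main__":
    for key, value, reason in find_hijack_indicators(parse_user_prefs(SAMPLE_PREFS)):
        print(f"{key} = {value!r}  <- {reason}")
```

On the sample the script reports the two search-engine prefs, keyword.URL and the three extensions.BabylonToolbar entries, and leaves the Mozilla homepage and the privacy pref alone; running it over a real profile's prefs.js (the path is shown in the log above) gives the same kind of list that AdwCleaner printed under "Deleted".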
-
OK. I think I managed to remove all the listed add-ons and adware. I generated a log with AdwCleaner and scanned the system with Malwarebytes Anti-Malware. I am attaching the log and the report.
-
Please add the OTL logs required by the rules of this section.
OK. I am running the scan now. As soon as it finishes I will send the logs.
I am sending the logs as an attachment.
-
Hello!
I am asking for your help in checking whether the following viruses were removed correctly: UnclassifiedMalware@47365164, RSK-HIDE.SAA.~B@18001662, ApplicUnsaf.Win32.FraudTool.DS.~CRSA@94722917.
I will briefly describe the problem from the beginning.
I received a message from a friend on Facebook with the following content:
"19 March
Dorota ...
helllllo hxxp: //wahbischool.com/images/home.html
I did not realize that it could have been sent by a bot or someone else, and I installed the virus :/
After installing it, errors started appearing on their own and Mozilla Firefox closed as soon as I typed Facebook into the address bar.
Yesterday I found this information on Google: http://niebezpieczni...s-na-facebooku/ and followed the advice on that page:
"People who installed the above-mentioned fake, infected "Flash Player" cannot use their antivirus or access Facebook. To clean the computer, perform the following steps:
1. Install the free ComboFix and run it
2. Install and run the NOD32 online scanner
3. Reinstall the antivirus that was on the computer (update the signature database)
4. Delete the hosts file (restore it from the hosts file located in the same directory)"
In the end I only installed ComboFix from:
http://www.bleepingc...-virus/combofix
and ran a scan with it.
I did not do steps 2, 3 and 4, because the messages that appeared one after another eventually led me, on their own, to finishing the scan and removing the viruses. However, I would like one of you to check my ComboFix log, because I am not sure everything was actually removed, since during the ComboFix scan a message appeared saying that the file "NIRCMD.EXE" had been deleted.
I did not know that the whole procedure should be carried out under someone else's supervision. Only here did I read exactly how to proceed: http://www.bleepingc...combofix#forums
I am attaching the ComboFix log.
Best regards, and I look forward to your reply.
Marta
-
UnclassifiedMalware@47365164
in Emergency Help section
Posted
OK. Thank you very much for your help with everything, and best regards :)