Backdoor.bot, antivirus programs not working


(pawels) #1

The antivirus programs are blocked and do not work in real time (specifically Avira and Avast). I found several viruses with MBAM and removed them right away. I am posting the logs from MBAM and OTL.

OTL: http://wklej.to/7vyS0

Extras : http://wklej.to/mmQ9Z

MBAM: http://wklej.to/AJQre http://wklej.to/zfJn4 http://wklej.to/l07fk

Regards, and please help.


(Acorus) #2

Uninstall the uTorrentBar Toolbar. Run OTL and paste into the (Custom Scans/Fixes) box:

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart. Then run OTL again, this time clicking (Scan).

Post the new OTL.txt log and the removal report.


(pawels) #3

http://wklej.to/GUK9t

Report:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-73586283-115176313-1417001333-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\prxtbuTo2.dll not found.
Unable to set value : HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope| /E!
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
C:\Documents and Settings\Crazy\Dane aplikacji\Mozilla\Firefox\Profiles\zmkqvqvc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Documents and Settings\Crazy\Dane aplikacji\Mozilla\Firefox\Profiles\zmkqvqvc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
C:\Documents and Settings\Crazy\Dane aplikacji\Mozilla\Firefox\Profiles\zmkqvqvc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Documents and Settings\Crazy\Dane aplikacji\Mozilla\Firefox\Profiles\zmkqvqvc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Documents and Settings\Crazy\Dane aplikacji\Mozilla\Firefox\Profiles\zmkqvqvc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Documents and Settings\Crazy\Dane aplikacji\Mozilla\Firefox\Profiles\zmkqvqvc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Documents and Settings\Crazy\Dane aplikacji\Mozilla\Firefox\Profiles\zmkqvqvc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
C:\Documents and Settings\Crazy\Dane aplikacji\Mozilla\Firefox\Profiles\zmkqvqvc.default\searchplugins\sweetim.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\prxtbuTo2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{0D704FAD-66E9-4F0A-BFED-4F665770DDB3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D704FAD-66E9-4F0A-BFED-4F665770DDB3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{0D704FAD-66E9-4F0A-BFED-4F665770DDB3}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\prxtbuTo2.dll not found.
Registry value HKEY_USERS\S-1-5-21-73586283-115176313-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
File C:\Program Files\uTorrentBar\prxtbuTo2.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search the Web\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\DAEMON Tools Lite\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ml71kou6c6\ deleted successfully.
C:\Documents and Settings\Crazy\Dane aplikacji\PriceGong\Data folder moved successfully.
C:\Documents and Settings\Crazy\Dane aplikacji\PriceGong folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Crazy
->Temp folder emptied: 1924765475 bytes
->Temporary Internet Files folder emptied: 12778782 bytes
->Java cache emptied: 1559465 bytes
->FireFox cache emptied: 610734550 bytes
->Flash cache emptied: 1287 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352022 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 262627 bytes
RecycleBin emptied: 22623 bytes

Total Files Cleaned = 2 434,00 mb

OTL by OldTimer - Version 3.2.34.0 log created on 03012012_214846

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_20c.dat not found!

Registry entries deleted on Reboot...

-- Added 01.03.2012 (Thu) 22:29 --

After reinstalling and running the script, Avira is still inactive...
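
As an added example (not code from the thread or from OTL), a small Python parser that turns an OTL removal report like the one posted above into structured results, so a helper can see at a glance what was deleted, what was already gone, and which entries OTL could not act on. The sample lines are constructed to match the report's format; a real fix log's text can be passed in their place.

```python
import re
from collections import Counter

# Constructed sample in the shape of the OTL removal report posted above.
SAMPLE_REPORT = r"""========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{0D704FAD-66E9-4F0A-BFED-4F665770DDB3} deleted successfully.
File C:\Program Files\uTorrentBar\prxtbuTo2.dll not found.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
C:\Documents and Settings\Crazy\Dane aplikacji\PriceGong folder moved successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride| /E : value set successfully!
Unable to set value : HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope| /E!
->Temp folder emptied: 1924765475 bytes
->FireFox cache emptied: 610734550 bytes
"""

# One regex per OTL line shape: group 1 is the target, group 2 (if present) the outcome.
PATTERNS = [
    (r"^Registry key (.+?)\\? (deleted successfully|not found)\.$", "registry_key"),
    (r"^Registry value (.+?) (deleted successfully|not found)\.$", "registry_value"),
    (r"^File (.+?) (not found|deleted successfully)\.$", "file"),
    (r"^(.+?) folder (moved successfully)\.$", "folder"),
    (r"^(.+?) (moved successfully)\.$", "file"),
    (r"^(.+?)\| /E : (value set successfully)!$", "registry_value"),
    (r"^Unable to set value : (.+?)\| /E!$", "registry_value"),
]

def parse_fix_report(text):
    """Return (kind, target, outcome) for every action line OTL logged; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        for pattern, kind in PATTERNS:
            m = re.match(pattern, line.strip())
            if m:
                entries.append((kind, m.group(1), m.group(2) if len(m.groups()) > 1 else "unable to set"))
                break
    return entries

def outcome_counts(entries):
    """Tally of removed, already-absent and untouchable targets."""
    return Counter(outcome for _, _, outcome in entries)

def needs_followup(entries):
    """Targets OTL reported it could not change (in the report above, an HKEY_USERS path with no SID)."""
    return [target for _, target, outcome in entries if outcome == "unable to set"]

def bytes_cleaned(text):
    """Sum the byte counts reported by the [EMPTYTEMP] section."""
    return sum(int(n) for n in re.findall(r"emptied: (\d+) bytes$", text, re.M))
```

Calling `outcome_counts(parse_fix_report(SAMPLE_REPORT))` gives the tally; `needs_followup` lists what to recheck by hand after the restart.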


(Acorus) #4

Uninstall Avira. Remove what is left of Avast with the Avast Uninstall utility: http://www.avast.com/uninstall-utility

Install only a fresh copy of Avast.