Infekcja Lyrmix

Dla specjalistów Bezpieczeństwo
#1

Witam. Nie mam pojęcia jak poradzić sobie z owym wirusem … :( 

Proszę o pomoc, bo nie wiem jak to dalej ruszyć … :frowning:

 

OTL:

http://wklej.org/id/1302391/

 

EXTRAS:

http://wklej.org/id/1302392/

 

#2

Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

:OTL
CHR - Extension: Plus-HD-7.6 = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffkoifhnfeoofalpnnohfdlomcgkamcn\12372.8927.4681_0\crossrider
CHR - Extension: Plus-HD-7.6 = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffkoifhnfeoofalpnnohfdlomcgkamcn\12372.8927.4681_0\
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-3063904157-4126242783-694460060-1002..\Run: [AVG-Secure-Search-Update_0214c] C:\Users\asus\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=fd545a8e96b847d29d36f54322cdfe1b-dcab2efab9d116311c01076d8d2bbd1143a9eea3 /CMPID=0214c File not found
O4 - Startup: C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll) - File not found
O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
[2014-03-16 19:54:12 | 000,000,000 | ---D | C] -- C:\Users\asus\Doctor Web
[2014-02-22 12:21:00 | 000,000,216 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2014-02-22 08:17:40 | 000,000,204 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013-11-03 13:57:16 | 000,000,000 | ---D | M] -- C:\Users\asus\AppData\Roaming\ASUS WebStorage

:Commands
[emptytemp]

Kliknij Wykonaj skrypt.Po restarcie uruchom OTL i użyj opcji Sprzątanie.

#3

To wszystko? 

#4

Nic tu więcej nie widać.To wszystko.

#5

W takim razie dziękuję za pomoc :slight_smile: