Infected computer - Lyrmix


(NibyFajna) #1

Hello, I'd like to ask for help with my logs:

OTL:

http://www.wklej.org/id/1305191/

EXTRAS:

http://www.wklej.org/id/1305196/


(Fakiron) #2

Uninstall: Google Toolbar for Internet Explorer. Scan with the program Malwarebytes Anti-Malware http://www.malwareby…warebytes_free/

Before scanning, perform a MANUAL UPDATE OF THE VIRUS SIGNATURE DATABASE in Malwarebytes: “Launch Malwarebytes, go to the Update tab, Check for updates.”


(Acorus) #3

Run OTL and paste the following into the (Custom scan options/Script) box:

:OTL
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search.certified-toolbar.com?si=41460bs=truetid=2938q={searchTerms}
IE - HKU\S-1-5-21-2954639726-2318396259-3991651829-1000\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - No CLSID value found
IE - HKU\S-1-5-21-2954639726-2318396259-3991651829-1000\..\SearchScopes\{03B9666F-F69A-4EB1-935F-8D6672D3D19C}: "URL" = http://websearch.ask.com/redirect?client=ietb=VDJo=41647960src=kwq={searchTerms}locale=en_USapn_ptnrs=^8Rapn_dtid=^YYYYYY^YY^PLapn_uid=55CF8A16-F5DF-43AA-824A-B8B294B96A1Fapn_sauid=93F0AE2E-B77A-46F7-9A0D-E48767669884
CHR - Extension: Plus-HD-7.6 = C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\14176.731.6485_0\crossrider
CHR - Extension: Plus-HD-7.6 = C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\14176.731.6485_0\
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O2 - BHO: (no name) - {8f3c1d75-d467-43c2-9a36-655366b76f5f} - No CLSID value found.
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKU\S-1-5-21-2954639726-2318396259-3991651829-1000..\Run: [Desura] C:\Users\Hanna\Desura\desura.exe -autostart File not found
O4 - HKU\S-1-5-21-2954639726-2318396259-3991651829-1000..\Run: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2014/03/19 16:19:15 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Doctor Web
[2014/02/22 13:03:18 | 000,000,000 | ---D | C] -- C:\Users\Hanna\.android
[2011/07/18 11:45:12 | 000,000,000 | -HSD | M] -- C:\Users\Hanna\AppData\Roaming\.#

:Files
C:\Users\Hanna\AppData\Local\Temp*.html

:Commands
[emptytemp]

Click Run script. After the restart, run OTL and use the Cleanup option.


(NibyFajna) #4

Thank you! :)