Suspected virus, mass sending of messages on Steam


(dixick) #1

Hi everyone,

My friend has a problem on his PC: he clicked a link in a Steam message from a stranger, and right away messages containing that link were sent from his Steam account to his friends.

I scanned his PC with AdwCleaner (it found a few pieces of junk, which I removed) and ran an OTL scan, and I'd like to ask you to check the logs for any more junk/viruses.

OTL

http://wklej.org/id/1525029/

Extras

http://wklej.org/id/1525027/


(Acorus) #2

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ in the version matching your system, 32-bit or 64-bit.


(dixick) #3

Here are the reports:


(Acorus) #4

Open Notepad and paste:

Task: C:\WINDOWS\Tasks\At1.job = C:\DOCUME~1\asd\DANEAP~1\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\At2.job = C:\DOCUME~1\asd\DANEAP~1\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job = C:\WINDOWS\TEMP\{9DE48A25-AA39-4B1D-AD31-AF73057A2226}.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job = C:\WINDOWS\TEMP\{A41F3401-2592-4F37-A882-BF816C4B7559}.exe
Task: C:\WINDOWS\Tasks\EPUpdater.job = C:\DOCUME~1\asd\DANEAP~1\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
HKLM\...\Run: [KernelFaultCheck] = %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-1960408961-1123561945-1801674531-1004\...\MountPoints2: {0f08c0b5-a714-11e0-bdc5-00221563f2e3} - I:\cdstart.exe
HKU\S-1-5-21-1960408961-1123561945-1801674531-1004\...\MountPoints2: {1bef58b9-6e54-11e0-bd1a-00221563f2e3} - I:\cdstart.exe
HKU\S-1-5-21-1960408961-1123561945-1801674531-1004\...\MountPoints2: {4516f548-8026-11e2-835f-00221563f2e3} - I:\Install_Nokia_Ovi_Suite.exe
HKU\S-1-5-21-1960408961-1123561945-1801674531-1004\...\MountPoints2: {62b842e3-584b-11e3-84ff-00221563f2e3} - I:\cdstart.exe
HKU\S-1-5-21-1960408961-1123561945-1801674531-1004\...\MountPoints2: {afd92a97-f3ce-11e2-845d-00221563f2e3} - I:\setup.exe -a
HKU\S-1-5-21-1960408961-1123561945-1801674531-1006\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] = "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-1960408961-1123561945-1801674531-1006\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] = "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" /PROMPT /CMPID=JUNE2013_HP
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <==== ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=butm_medium=corfrom=coruid=SAMSUNGXHD502IJ_S13TJ90Q879494ts=1362583019
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {3D41F773-C2A2-4541-8F58-DF94FA1311D3} URL = http://search.yahoo.com/search?ei=utf-8fr=chr-vmntype=photopos2_0yachq={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKU\S-1-5-21-1960408961-1123561945-1801674531-1004 - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1960408961-1123561945-1801674531-1004 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
CHR Plugin: (Babylon Chrome Plugin) - C:\Documents and Settings\asd\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll No File
CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\asd\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
S2 KMWDSERVICE; D:\KMWDSrv.exe [X]
S3 EagleNT; \\C:\WINDOWS\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
2014-11-16 19:46 - 2014-11-16 19:50 - 00000000 ____ D () C:\AdwCleaner
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
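The fixlist above is built by picking out the entry types that stand out in an FRST log: scheduled tasks that run binaries from the user's profile, GUID-named executables in TEMP, MountPoints2 autorun handlers, a browser shortcut with an injected start URL, and orphaned registry/service entries. The script below is an added example, not code from this thread and not part of FRST; it encodes those selection criteria as heuristic rules of my own and runs them over sample log lines copied from the fixlist (constructed test input, not a live scan). Rule names and the helper functions (classify, triage, fixlist_candidates) are my own.

```python
import re
from typing import Dict, List

# Constructed sample input: FRST-style log lines taken from the fixlist
# excerpt above. Not the output of a real scan on this machine.
SAMPLE_LINES = [
    r"Task: C:\WINDOWS\Tasks\At1.job = C:\DOCUME~1\asd\DANEAP~1\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION",
    r"Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job = C:\WINDOWS\TEMP\{9DE48A25-AA39-4B1D-AD31-AF73057A2226}.exe",
    r"HKLM\...\Run: [KernelFaultCheck] = %systemroot%\system32\dumprep 0 -k",
    r"HKU\S-1-5-21-1960408961-1123561945-1801674531-1004\...\MountPoints2: {0f08c0b5-a714-11e0-bdc5-00221563f2e3} - I:\cdstart.exe",
    r"StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b",
    r"Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File",
    r"S2 KMWDSERVICE; D:\KMWDSrv.exe [X]",
    r"2014-11-16 19:46 - 2014-11-16 19:50 - 00000000 ____D () C:\AdwCleaner",
]

# Heuristic rules (my own, not FRST's): (name, pattern, why it matters).
# They are reported in this order when several match one line.
RULES = [
    ("attention-marker",
     re.compile(r"=+ ATTENTION|ATTENTION =+"),
     "FRST itself marked the entry as suspicious"),
    ("user-appdata-persistence",
     re.compile(r"\\(DOCUME~1|Documents and Settings|Users)\\[^\\]+\\"
                r"(DANEAP~1|Dane aplikacji|Application Data|AppData)\\", re.I),
     "autostart or task runs a binary from a user profile, a common adware location"),
    ("temp-guid-binary",
     re.compile(r"\\TEMP\\\{[0-9A-F-]{36}\}\.exe", re.I),
     "scheduled task points at a GUID-named executable in TEMP"),
    ("removable-media-autorun",
     re.compile(r"\\MountPoints2: "),
     "Explorer autorun handler left behind by a removable drive"),
    ("browser-shortcut-hijack",
     re.compile(r"^StartMenuInternet: .*https?://", re.I),
     "browser shortcut launches with an injected start URL"),
    ("orphaned-entry",
     re.compile(r"(No File|\[X\]|No ImagePath)\s*$"),
     "registry or service entry whose file no longer exists"),
]


def classify(line: str) -> List[str]:
    """Return the names of every rule that matches one FRST log line."""
    return [name for name, pattern, _ in RULES if pattern.search(line)]


def triage(lines) -> Dict[str, List[str]]:
    """Map each flagged line to its rule names; clean lines are omitted."""
    result = {}
    for line in lines:
        hits = classify(line)
        if hits:
            result[line] = hits
    return result


def fixlist_candidates(lines) -> List[str]:
    """Lines worth copying into fixlist.txt, in their original order."""
    return [line for line in lines if classify(line)]


if __name__ == "__main__":
    reasons = {name: why for name, _, why in RULES}
    for line, hits in triage(SAMPLE_LINES).items():
        print(line)
        for hit in hits:
            print(f"    [{hit}] {reasons[hit]}")
```

Note that the KernelFaultCheck Run entry (dumprep) is deliberately not matched by any rule: it is a stock Windows XP error-reporting command, and it appears in the fixlist above only as a cleanup of a leftover, not as malware. A triage pass like this narrows the log to entries a human should look at; it does not replace reading the full FRST output.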


(dixick) #5

I've already done it. Should I post the report again?


(Acorus) #6

If you did it correctly, no. Delete the C:\FRST folder.