Underlay
(Underlay)
29 August 2012 13:11
#1
Good morning, last night I had a problem with this fake software; it attacked my system and I couldn't do or launch anything. I restarted the computer and booted it in safe mode. Then I restored the system to an earlier day. I restarted the computer and the virus was gone. Unfortunately, I don't know whether I can feel safe yet; has anything been damaged in the system? That's why I'm pasting the logs; while you're at it, you can check whether there is any other ■■■■■■■■■■ on my computer that may be slowing down my system.
OTL; http://wklej.org/id/820855/
Extras; http://wklej.org/id/820856/
Acorus
(Acorus)
29 August 2012 13:28
#2
Uninstall vShare.tv plugin 1.3 and vShare Toolbar Updater. Run OTL and paste the following into the (Własne opcje skanowania/Script, i.e. custom scan options/script) box:
:OTL
IE - HKU\S-1-5-21-58019276-2474191812-2780332861-1000…\SearchScopes{7D9B073F-A1FF-4B13-804B-61001601877B}: “URL” = http://websearch.ask.com/redirect?clien … src=crm&q={searchTerms}&locale=&apn_ptnrs=2K&apn_dtid=YYYYYYYYPL&apn_uid=F877FBBC-70C9-4156-AEC4-6EB4D64027F2&apn_sauid=8A46A6D0-57D8-4855-B486-FE66688EF337
IE - HKU\S-1-5-21-58019276-2474191812-2780332861-1000…\SearchScopes{C4A01746-C895-42FD-893E-C616836ACCB1}: “URL” = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKU\S-1-5-21-58019276-2474191812-2780332861-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
FF - prefs.js…browser.search.defaultengine: “Web Search”
FF - prefs.js…keyword.URL: “http://startsear.ch/?aff=1&q= ”
[2011-05-07 20:38:35 | 000,002,568 | ---- | M] () – C:\Users\SebaToba\AppData\Roaming\Mozilla\Firefox\Profiles\7ykcxa9s.default\searchplugins\askcom.xml
[2011-07-11 20:04:02 | 000,000,633 | ---- | M] () – C:\Users\SebaToba\AppData\Roaming\Mozilla\Firefox\Profiles\7ykcxa9s.default\searchplugins\startsear.xml
O2:64bit: - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - No CLSID value found.
O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com \GenericAskToolbar.dll (Ask)
O3 - HKLM…\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com \GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-58019276-2474191812-2780332861-1000…\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com \GenericAskToolbar.dll (Ask)
O4 - HKU\S-1-5-19…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:64bit: - Extra context menu item: ???3?? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: ???3??? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Download all links with IDM - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Download with IDM - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: ???3?? - Reg Error: Value error. File not found
O8 - Extra context menu item: ???3??? - Reg Error: Value error. File not found
O8 - Extra context menu item: Download all links with IDM - Reg Error: Value error. File not found
O8 - Extra context menu item: Download with IDM - Reg Error: Value error. File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\allplayer.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\allskincreator.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\chrome.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\excel.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hkship.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\infopath.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\jdownloaderd3d.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\msaccess.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\msoxmled.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mspub.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mspview.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mstore.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\onenote.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\outlook.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\powerpnt.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\setup.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\unins000.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninstall.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uTorrent.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\vscontentinstaller.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\vslauncher.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\winword.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\AcroRd32.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\allplayer.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\allskincreator.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\chrome.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\excel.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hkship.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\infopath.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\jdownloaderd3d.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\msaccess.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\msoxmled.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mspub.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mspview.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\onenote.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\outlook.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\powerpnt.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\setup.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\unins000.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\uninstall.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\uTorrent.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\vscontentinstaller.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\vslauncher.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\winword.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
[2011-08-01 16:11:51 | 000,000,204 | ---- | C] () – C:\Windows\SysWow64\secustat.dat
:Files
C:\ProgramData\7531E8D9F53CE07102F7DC74F875F002
:Commands
[emptytemp]
Click Wykonaj skrypt (Run script).
In OTL, use the Sprzątanie (Cleanup) option.
Scan with Malwarebytes Anti-Malware http://www.malwarebytes.org/products/malwarebytes_free
Before scanning, perform a MANUAL UPDATE OF THE VIRUS SIGNATURE DATABASE in Malwarebytes: “Run Malwarebytes, go to the Aktualizacja (Update) tab, Sprawdź aktualizacje (Check for updates).”
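Added example, not part of the post above and not OTL's own code: the O27 lines in the script are Image File Execution Options (IFEO) entries whose Debugger value makes Windows start the listed debugger instead of the named program, so it helps to group them by debugger and review anything unexpected. The sample input is constructed in the format of the quoted lines, and the function names and the review heuristics are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample; lines 1-3 mirror the O27 entries quoted in the post, line 4 is invented.
SAMPLE = r"""
O27:64bit: - HKLM IFEO\chrome.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\chrome.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\winword.exe: Debugger - D:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\example.exe: Debugger - C:\Users\demo\AppData\Local\Temp\helper.exe ()
O4 - HKU\S-1-5-19\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
"""
LINE = re.compile(
    r"^O27(?P<view>:64bit:)? - (?P<hive>\S+) IFEO\\(?P<image>[^:]+): "
    r"Debugger - (?P<debugger>.+?) \((?P<vendor>[^)]*)\)$"
)
# Assumed heuristic: locations a standard user can usually write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")

def parse_ifeo(text):
    """Return one dict per O27 IFEO Debugger line; all other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            e = m.groupdict()
            e["view"] = "64bit" if e["view"] else "default"
            entries.append(e)
    return entries

def images_by_debugger(entries):
    """Map each debugger path to the sorted, de-duplicated images it intercepts."""
    grouped = defaultdict(set)
    for e in entries:
        grouped[e["debugger"]].add(e["image"].lower())
    return {dbg: sorted(imgs) for dbg, imgs in grouped.items()}

def needs_review(entries):
    """List (image, debugger, reasons) for entries matching the assumed heuristics."""
    flagged = []
    for e in entries:
        reasons = []
        if not e["vendor"].strip():
            reasons.append("no vendor string")
        if any(p in e["debugger"].lower() for p in USER_WRITABLE):
            reasons.append("debugger in user-writable path")
        if reasons:
            flagged.append((e["image"], e["debugger"], reasons))
    return flagged

print(images_by_debugger(parse_ifeo(SAMPLE)), needs_review(parse_ifeo(SAMPLE)))
```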
Underlay
(Underlay)
29 August 2012 13:59
#3
Am I to understand that that's everything? Thanks a lot. Just to be sure, I'll paste one more log
otl; http://wklej.org/id/820910/