:OTL
SRV - [2011-11-04 10:03:28 | 000,257,024 | ---- | M] () [Auto | Running] -- C:\Windows\sysdriver32.exe -- (srvsysdriver32)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNC1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files (x86)\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNC1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files (x86)\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Brothersoft Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.1.3
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Web Search..."
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
[2011-01-19 23:21:26 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\vuqqk7lh.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011-09-28 06:03:17 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\vuqqk7lh.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011-09-28 06:03:22 | 000,000,000 | ---D | M] (NCH Community Toolbar) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\vuqqk7lh.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2011-10-11 13:02:23 | 000,000,000 | ---D | M] (Softonic-Polska Community Toolbar) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\vuqqk7lh.default\extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}
[2011-09-28 06:03:26 | 000,000,000 | ---D | M] (Brothersoft Community Toolbar) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\vuqqk7lh.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}
[2011-09-08 14:08:38 | 000,000,000 | ---D | M] (free-downloads.net Community Toolbar) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\vuqqk7lh.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2011-07-08 12:40:43 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\vuqqk7lh.default\extensions\engine@conduit.com
[2011-01-01 16:51:34 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\vuqqk7lh.default\extensions\support@predictad.com
[2010-12-05 17:36:14 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\vuqqk7lh.default\extensions\vshare@toolbar
[2011-11-10 21:03:06 | 000,002,567 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\vuqqk7lh.default\searchplugins\askcom.xml
[2010-10-20 14:40:12 | 000,000,923 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\vuqqk7lh.default\searchplugins\conduit.xml
[2010-12-18 20:32:14 | 000,003,915 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\vuqqk7lh.default\searchplugins\sweetim.xml
[2010-12-05 17:36:24 | 000,001,583 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\vuqqk7lh.default\searchplugins\web-search.xml
[2011-01-19 23:22:11 | 000,001,196 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\vuqqk7lh.default\searchplugins\winamp-search.xml
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll File not found
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNC1.dll (Conduit Ltd.)
O2 - BHO: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files (x86)\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNC1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files (x86)\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH Toolbar) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files (x86)\NCH\tbNC1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files (x86)\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM\..\Run: [4410952.exe] C:\Windows\temp\4410952.exe ()
O4 - HKLM\..\Run: [5874267.exe] C:\Windows\temp\5874267.exe ()
O4 - HKLM\..\Run: [8719595.exe] C:\Users\Asus\AppData\Local\Temp\8719595.exe ()
O4 - HKLM\..\Run: [sysdriver32.exe] C:\Windows\sysdriver32.exe ()
O4 - HKLM\..\Run: [sysdriver32_.exe] C:\Windows\sysdriver32_.exe ()
O4 - HKLM\..\Run: [tray_ico] File not found
O4 - HKLM\..\Run: [tray_ico0] C:\Windows\update.tray-3-0\svchost.exe (Cronosoft)
O4 - HKLM\..\Run: [tray_ico1] File not found
O4 - HKLM\..\Run: [tray_ico2] File not found
O4 - HKLM\..\Run: [tray_ico3] File not found
O4 - HKLM\..\Run: [tray_ico4] File not found
O4 - HKLM\..\Run: [updateReminder] C:\Program Files (x86)\Eset\UpdateReminder.exe File not found
O4 - HKLM\..\Run: [wxpdrv] C:\Windows\services32.exe File not found
[2011-11-04 10:06:23 | 000,000,000 | ---D | C] -- C:\Windows\rpcminer
[2011-11-04 10:06:23 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011-11-04 10:05:33 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011-11-04 10:05:21 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011-11-04 10:02:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011-11-03 19:55:24 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011-10-31 23:58:40 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011-10-31 23:52:57 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-3-0-lnk
[2011-10-31 23:52:57 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-3-0
[2011-11-12 16:00:51 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hîsts
[2011-11-07 19:04:04 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
[2011-11-07 19:04:04 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011-11-07 19:04:04 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011-11-07 19:04:04 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
[2011-11-04 10:05:39 | 000,000,113 | ---- | M] () -- C:\Windows\info1
[2011-11-04 10:05:24 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011-11-04 10:04:00 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
[2011-11-04 10:03:28 | 000,257,024 | ---- | M] () -- C:\Windows\sysdriver32_.exe
[2011-11-04 10:03:28 | 000,257,024 | ---- | M] () -- C:\Windows\sysdriver32.exe

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

:Files
C:\Users\Asus\AppData\Local\Temp\*.html

:Commands
[emptytemp]
[resethosts]