eMbe
(Madzia Bartnik)
31 January 2010 17:28
#1
My computer caught the Win32/Adware virus,
located at: C:\DOCUME~1\Madzia\USTAWI~1\Temp\cvasds0.dll, and my NOD can't deal with it. It finds it, but says - cleaned by deleting (after the next restart) - quarantined.
What do I do, what do I do?
I'm not good at this stuff.
– Added 31.01.2010 (Sun) 19:44 –
Log from otl.txt:
http://www.wklejto.pl/56200
And the log from extras.txt:
http://wklejto.pl/56201
Gutek
(Gutek)
31 January 2010 21:51
#2
Run OTL and paste this into the Custom Scans/Fixes box:
:Processes
Explorer.EXE
:OTL
PRC - [2010-01-29 20:12:24 | 000,058,744 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\QuestService\questservice139.exe
PRC - [2010-01-29 20:12:24 | 000,058,744 | ---- | M] () -- C:\Program Files\QuestService\questservice.exe
PRC - [2009-11-26 18:27:36 | 000,348,160 | ---- | M] () -- C:\Program Files\Internet Today\1.1.0.1190\InternetToday.exe
MOD - [2010-01-29 20:12:18 | 000,589,824 | ---- | M] () -- C:\Program Files\QuestService\questservice.dll
SRV - [2010-01-29 20:12:24 | 000,058,744 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\QuestService\questservice139.exe -- (QuestService Service)
FF - prefs.js…extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5190
FF - prefs.js…extensions.enabledItems: BSToolbar@toolbarnet.com:1.0.0.4
FF - prefs.js…extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:4.1.0.1800
FF - prefs.js…extensions.enabledItems: {F2DDDB92-1605-4260-9B25-45A4DAE87B50}:1.0
FF - prefs.js…extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:3.1.0.1840
FF - HKLM\software\mozilla\Firefox\Extensions\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\3.1.0.1840\FF [2009-12-05 22:51:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF [2009-12-05 22:52:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\4.1.0.1800\FF [2009-12-05 22:52:36 | 000,000,000 | ---D | M]
[2006-10-11 21:43:06 | 000,000,000 | ---D | M] (WhenU) -- C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}
[2010-01-30 09:20:44 | 000,000,000 | ---D | M] (QuestService) -- C:\Program Files\Mozilla Firefox\extensions\{F2DDDB92-1605-4260-9B25-45A4DAE87B50}
O2 - BHO: (Automated Content Enhancer) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOn.dll ()
O2 - BHO: (Customized Platform Advancer) - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\4.1.0.1800\CPAIEAddOn.dll ()
O2 - BHO: (Content Management Wizard) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1870\CMWIE.dll ()
O2 - BHO: (TCP) - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1610\TCPIE.dll ()
O2 - BHO: (Web Search Operator) - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\3.1.0.1840\WSO.dll ()
O3 - HKLM…\Toolbar: (BS.Player ControlBar) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll ()
O3 - HKU\S-1-5-21-1738470603-1126907014-1058378149-1005…\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1738470603-1126907014-1058378149-1005…\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1738470603-1126907014-1058378149-1005…\Toolbar\WebBrowser: (no name) - {D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} - No CLSID value found.
O4 - HKLM…\Run: [] File not found
O4 - HKLM…\Run: [internet Today Task] C:\Program Files\Internet Today\1.1.0.1190\InternetToday.exe ()
O4 - HKLM…\Run: [KernelFaultCheck] File not found
O4 - HKU\S-1-5-21-1738470603-1126907014-1058378149-1005…\Run: [cdoosoft] C:\Documents and Settings\Madzia\Ustawienia lokalne\Temp\herss.exe ()
O32 - AutoRun File - [2010-01-31 18:59:12 | 000,000,057 | RHS- | M] () - C:\autorun.inf -- [FAT32]
O32 - AutoRun File - [2010-01-31 18:59:12 | 000,000,057 | RHS- | M] () - D:\autorun.inf -- [FAT32]
O33 - MountPoints2\{3a910d6e-b66d-11de-b13d-0009dd600c27}\Shell\AutoRun\command - "" = F:\vlvtdflx.exe -- File not found
O33 - MountPoints2\{3a910d6e-b66d-11de-b13d-0009dd600c27}\Shell\open\Command - "" = F:\vlvtdflx.exe -- File not found
O33 - MountPoints2\{3a910d6f-b66d-11de-b13d-0009dd600c27}\Shell\AutoRun\command - "" = G:\USBNB.exe -- File not found
O33 - MountPoints2\{ac499ea4-0da2-11de-b04c-0009dd600c27}\Shell\AutoRun\command - "" = F:\sp1jensi.exe -- File not found
O33 - MountPoints2\{ac499ea4-0da2-11de-b04c-0009dd600c27}\Shell\open\Command - "" = F:\sp1jensi.exe -- File not found
O33 - MountPoints2\{c1b90448-57bd-11db-a9aa-806d6172696f}\Shell\AutoRun\command - "" = C:\1hqup.exe -- [2010-01-31 16:52:48 | 000,090,624 | RHS- | M] ()
O33 - MountPoints2\{c1b90448-57bd-11db-a9aa-806d6172696f}\Shell\open\Command - "" = C:\1hqup.exe -- [2010-01-31 16:52:48 | 000,090,624 | RHS- | M] ()
O33 - MountPoints2\{c1b90449-57bd-11db-a9aa-806d6172696f}\Shell\AutoRun\command - "" = D:\1hqup.exe -- [2010-01-31 16:52:48 | 000,090,624 | RHS- | M] ()
O33 - MountPoints2\{c1b90449-57bd-11db-a9aa-806d6172696f}\Shell\open\Command - "" = D:\1hqup.exe -- [2010-01-31 16:52:48 | 000,090,624 | RHS- | M] ()
[2010-01-31 19:01:02 | 000,000,057 | RHS- | M] () -- C:\autorun.inf
[2010-01-31 16:52:48 | 000,090,624 | RHS- | M] () -- C:\1hqup.exe
[2010-01-29 19:47:18 | 000,097,280 | RHS- | M] () -- C:\mvmdh.exe
[2010-01-28 00:53:12 | 000,120,832 | RHS- | M] () -- C:\e9naq.exe
[2010-01-15 16:40:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-01-31 09:34:35 | 000,090,624 | RHS- | C] () -- C:\1hqup.exe
[2010-01-29 19:48:00 | 000,097,280 | RHS- | C] () -- C:\mvmdh.exe
[2010-01-28 00:53:41 | 000,120,832 | RHS- | C] () -- C:\e9naq.exe
[2010-01-02 09:50:49 | 000,120,320 | RHS- | C] () -- C:\h0.exe
:Files
C:\autorun.inf
C:\1hqup.exe
C:\mvmdh.exe
C:\e9naq.exe
C:\h0.exe
C:\Documents and Settings\Madzia\Ustawienia lokalne\Temp\herss.exe
:Services
QuestService Service
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
:Commands
[emptytemp]
[Reboot]
Click Run Fix. Confirm the computer restart.
Then run OTL again, this time choosing the Run Scan option.
Show the new OTL.txt log and the log from the cleanup.