Robak/wirus - zmiana uprawnień

piter1811 · 10 Grudzień 2013 19:50

Witajcie.

Atis · 10 Grudzień 2013 19:58

Do okna Własne opcje skanowania / skrypt wklej:

:OTL
O4 - HKCU..\Run: [NextLive] C:\Users\Ja\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - Startup: C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.ini.url ()
F3:[b]64bit:[/b] - HKCU WinNT: Load - (C:\ProgramData\{$1284-9213-2940-1289$}\msconfig.exe) - C:\ProgramData\{$1284-9213-2940-1289$}\msconfig.exe ()
F3 - HKCU WinNT: Load - (C:\ProgramData\{$1284-9213-2940-1289$}\msconfig.exe) - C:\ProgramData\{$1284-9213-2940-1289$}\msconfig.exe ()
O27:[b]64bit:[/b] - HKLM IFEO\avcenter.exe: Debugger - nsjw.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\avguard.exe: Debugger - nsjw.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\avp.exe: Debugger - nsjw.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\bdagent.exe: Debugger - nsjw.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\ccuac.exe: Debugger - nsjw.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\ComboFix.exe: Debugger - nsjw.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\egui.exe: Debugger - nsjw.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\hijackthis.exe: Debugger - nsjw.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\keyscrambler.exe: Debugger - nsjw.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\mbam.exe: Debugger - nsjw.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\MpCmdRun.exe: Debugger - nsjw.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\MSASCui.exe: Debugger - nsjw.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\MsMpEng.exe: Debugger - nsjw.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\msseces.exe: Debugger - nsjw.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\spybotsd.exe: Debugger - nsjw.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\TuneUpUtilitiesApp64.exe: Debugger - nsjw.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\TuneUpUtilitiesService64.exe: Debugger - nsjw.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\wireshark.exe: Debugger - nsjw.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\zlclient.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\avcenter.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\avguard.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\avp.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\bdagent.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\ccuac.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\ComboFix.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\egui.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\hijackthis.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\keyscrambler.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\mbam.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\MSASCui.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\MsMpEng.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\msseces.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\spybotsd.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\TuneUpUtilitiesApp64.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\TuneUpUtilitiesService64.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\wireshark.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\zlclient.exe: Debugger - nsjw.exe File not found
[2013-12-09 22:49:31 | 000,000,000 | -HSD | C] -- C:\Users\Ja\AppData\Roaming\msgr
[2013-12-09 22:29:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\{$1284-9213-2940-1289$}
[2013-12-09 22:28:03 | 000,000,000 | ---D | C] -- C:\Users\Ja\AppData\Local\cache
[2013-12-09 22:28:03 | 000,000,000 | ---D | C] -- C:\Users\Ja\AppData\Roaming\newnext.me
[2013-12-09 22:28:00 | 000,000,000 | ---D | C] -- C:\Users\Ja\Documents\Mobogenie
[2013-12-09 22:28:00 | 000,000,000 | ---D | C] -- C:\Users\Ja\AppData\Local\Mobogenie
[2013-12-09 22:27:55 | 000,000,000 | ---D | C] -- C:\Users\Ja\AppData\Roaming\eCyber
[2013-12-09 22:27:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2013-12-09 23:02:55 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2013-12-09 23:03:22 | 000,000,076 | ---- | M] () -- C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.ini.url
:Commands
[emptytemp]

Kliknij Wykonaj skrypt i zatwierdź restart.

Pokaż raport z usuwania i nowy log Skanuj.

piter1811 · 10 Grudzień 2013 21:16

załączam logi. pierwszy po usunięciu drugi po skanie

12102013_215914.txt

OTL.Txt

Atis · 10 Grudzień 2013 22:08

Nie wiem w jakim celu zainstalowałeś ten przestarzały program Spybot.

Wklej i kliknij Wykonaj skrypt:

:OTL
[2013-12-09 23:34:18 | 000,000,000 | ---D | C] -- C:\Users\Ja\Doctor Web
[2013-12-09 23:28:59 | 000,000,000 | -HSD | C] -- C:\Users\Ja\AppData\Roaming\msgre
[2013-06-29 21:16:09 | 000,000,037 | -HS- | C] () -- C:\Users\Ja\AppData\Local\70149b02515b3bb20dd492.47983420

Uruchom OTL i kliknij Sprzątanie.

piter1811 · 10 Grudzień 2013 22:18

sam sie zastanawiam…

Atis · 10 Grudzień 2013 23:58

Nie widać żadnej infekcji.

piter1811 · 11 Grudzień 2013 00:04

no właśnie… to dlaczego nie można wejsc lub usunąć niektórych folderów a programy znikneły z dodaj/usun? (tylko niektóre)