Slow system, OTL logs, suspected infection

OTL log - http://wklej.to/eyeoP

Extras - http://wklej.to/yTz4b

Uninstall:

FTDownloader

Bonanza Deals

Funmoods

uTorrentControl_v2 Toolbar

V9 Homepage Uninstaller

IB Updater Service

Download and run AdwCleaner. Click Search and then Delete.

Paste into the Custom Scans/Fixes window:

:OTL
O4 - HKLM..\Run: [Java Runtime Environment] C:\Users\Karol\AppData\Roaming\jre.exe ()
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKU\S-1-5-21-2164581329-1563874160-794290562-1001..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned File not found
O4 - HKU\S-1-5-21-2164581329-1563874160-794290562-1003..\Run: [AQQ] D:\WAPSTE~1\AQQ.exe File not found
O4 - HKU\S-1-5-21-2164581329-1563874160-794290562-1003..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned File not found
O4 - HKU\S-1-5-21-2164581329-1563874160-794290562-1003..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2164581329-1563874160-794290562-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
:Commands
[emptytemp]

Click Run Fix and confirm the restart.

Post the removal report and a new log from Scan.

Uninstall WebCake 3.00, Bonanza Deals (remove only), Funmoods, uTorrentControl_v2 Toolbar, V9 Homepage Uninstaller, IB Updater Service. Use AdwCleaner http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner with the Scan (Search) function and then Clean (Delete) (on Vista/Windows 7, right-click and run as Administrator).

Post a new OTL.txt

OTL script execution report - http://wklej.to/AE5Kv

New OTL log - http://wklej.to/AwkQQ

AdwCleaner removal log - http://wklej.to/xoycz

Paste and click Run Fix:

:OTL
IE - HKU\S-1-5-21-2164581329-1563874160-794290562-1003\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=117023&tt=4912_8&babsrc=HP_ss&mntrId=a4dff0eb0000000000006cf049d0ac40
IE - HKU\S-1-5-21-2164581329-1563874160-794290562-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=pbr&from=pbr&uid=1052514_133120_8396809_395049983_A4DFF0EB&ts=1354559434
IE - HKU\S-1-5-21-2164581329-1563874160-794290562-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3220468
IE - HKU\S-1-5-21-2164581329-1563874160-794290562-1003\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKU\S-1-5-21-2164581329-1563874160-794290562-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2164581329-1563874160-794290562-1003\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=PL&install_date=20120211&user_guid=511759452CD145E787C2905A85E25ABF&machine_id=9ca37a9f142c0b5846b16f582e51a8a9&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}
IE - HKU\S-1-5-21-2164581329-1563874160-794290562-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=117023&tt=4912_8&babsrc=SP_ss&mntrId=a4dff0eb0000000000006cf049d0ac40
IE - HKU\S-1-5-21-2164581329-1563874160-794290562-1003\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?q={searchTerms}
IE - HKU\S-1-5-21-2164581329-1563874160-794290562-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
IE - HKU\S-1-5-21-2164581329-1563874160-794290562-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.00000&barid={469C4AA0-66F6-11E2-AB9A-95A65712553F}
[2012-12-04 13:28:23 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\Karol\AppData\Roaming\mozilla\Firefox\Profiles\Karol\AppData\Roaming\Mozilla\Profiles\extensions\ffxtlbr@babylon.com
[2013-05-28 17:09:42 | 000,197,611 | ---- | M] () (No name found) -- C:\Users\Karol\AppData\Roaming\mozilla\firefox\profiles\extensions\ftdownloader4@ftdownloader.com.xpi
O3 - HKU\S-1-5-21-2164581329-1563874160-794290562-1003\..\Toolbar\WebBrowser: (no name) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No CLSID value found.
O3 - HKU\S-1-5-21-2164581329-1563874160-794290562-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
[2014-03-04 20:28:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-01-18 23:33:47 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\EurekaLog

Run OTL and click CleanUp.

Delete old restore points:

To delete all restore points

Run SecurityCheck and update the programs marked as Out of date.

Scan the disk with Malwarebytes Anti-Malware.

During installation, uncheck "Enable free trial of Malwarebytes Anti-Malware PRO".

http://wstaw.org/m/2012/12/29/2012-12-29_005346.png

Script execution log - http://wklej.to/EP8Ur

Security Check log - http://wklej.to/jMcT2

Uninstall Java 7 Update 45.

Install:

Java 7 Update 51

Service Pack 1 x64 (903.2 MB)

Internet Explorer 11