Trojan JS:Downloader-ZY [Trj]

Warnings on every page

 

URL: http://utils.cdneurope.com/js/mo.js{gzip}

 

Infection: JS:Downloader-ZY [Trj]

 

How do I get rid of this?

 

I'm attaching the log from the FRST scan

Addition.txt

FRST.txt

Uninstall AVG Security Toolbar, Conduit Engine, Google Update Helper, hosts, IePluginService12.27.0.3326, iVIDI Plugin 1.3, Unitech LLC toolbar, Update for Mipony Download Manager, VIS. Use AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/ with its Scan (Szukaj) function and then Clean (Usuń) (on Vista/Windows 7, right-click and run it as Administrator). Post new logs from FRST.

http://wklej.org/id/1371894/

Open Notepad and paste:

HKU\S-1-5-21-515967899-1614895754-839522115-1003\...\Run: [] = [X]
HKU\S-1-5-21-515967899-1614895754-839522115-1003\...\MountPoints2: {2f33d8ae-ce28-11e3-854b-001d60c32ea5} - J:\PMBP_Win.exe
HKU\S-1-5-21-515967899-1614895754-839522115-1003\...\MountPoints2: {647a5895-131b-11e3-82af-d17c98fea9ea} - H:\Install_Nokia_Ovi_Suite.exe
HKU\S-1-5-21-515967899-1614895754-839522115-1003\...\MountPoints2: {a1a99bb7-06ef-11e0-b78e-ef372177108c} - H:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-515967899-1614895754-839522115-1003\...\MountPoints2: {a1a99bba-06ef-11e0-b78e-ef372177108c} - H:\Install_Nokia_Ovi_Suite.exe
HKU\S-1-5-21-515967899-1614895754-839522115-1003\...\MountPoints2: {e829b6bf-2806-11de-b01b-001d60c32ea5} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
HKU\S-1-5-21-515967899-1614895754-839522115-1003\...\MountPoints2: {e829b6c0-2806-11de-b01b-001d60c32ea5} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - 129761F6-F2F3-4033-919B-014CCF0AD19F URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKCU - 129761F6-F2F3-4033-919B-014CCF0AD19F URL = http://www.dogpile.com/search/web?fcoid=417fcop=topnavfpid=27ql=q={searchTerms}
SearchScopes: HKCU - {FCBBD7C8-DBFA-4D7B-BACF-7A0086E9B8B4} URL = http://search.ividi.org/?q={searchTerms}src=tbspid=ec4ba700000000000000005345000000affilt=3
BHO: IEPluginBHO Class - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No File
Toolbar: HKCU - No Name - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - No File
CHR RestoreOnStartup: "hxxp://start.mysearchdial.com/?f=1a=irmsd1202cd=2XzuyEtN2Y1L1Qzu0AyBtDtDtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1Rcr=1655248751ir=",
"hxxp://search.ividi.org/?src=tbhpid=ec4ba700000000000000005345000000affilt=3"
CHR DefaultSearchProvider: "name": "Mysearchdial"
CHR Extension: (iVidi Chrome Toolbar) - C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef [2013-09-23]
CHR Extension: (Chrome In-App Payments service) - C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
S2 BNDMSS; C:\WINDOWS\system32\bndmss.exe [X]
S3 dtscsi; \SystemRoot\System32\Drivers\dtscsi.sys [X]
2014-05-25 14:06 - 2014-05-25 14:07 - 00000000 ____ D () C:\AdwCleaner
C:\Documents and Settings\Driver (D)\InstMsiA.exe
C:\Documents and Settings\Driver (D)\InstMsiW.exe
C:\Documents and Settings\Driver (D)\Setup.exe
C:\Documents and Settings\Driver (D)\vcredist.exe
C:\Windows\Tasks\At4.job

Save the file as fixlist.txt and place it next to FRST.