Trojan LYRMIX


(Chomikowy Pedziwiatr) #1

While playing on kurnik.pl I noticed that my computer had been infected with the titular LYRMIX, so I am turning to you for help.

 

OTL:

 

Extras:


(Acorus) #2

Uninstall Yontoo 1.10.03, SUPERAntiSpyware, McAfee Security Scan Plus, IObit Apps Toolbar v6.6, Internet Explorer Toolbar 4.6 by SweetPacks, Bonanza Deals (remove only), FilesFrog Update Checker, Optimizer Pro v3.2, IB Updater Service, Akamai NetSession Interface, Update_for_BonanzaDeals, VuuPC Packages.

Use AdwCleaner http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner with the Scan (Search) function and then Clean (Delete) (on Vista/Windows 7, right-click and run as Administrator).

Show a new OTL.txt


(Chomikowy Pedziwiatr) #3

http://wklej.org/id/1259502/


(Acorus) #4

Run OTL and paste the following into the Custom Scans/Fixes box:

:OTL
IE - HKU\S-1-5-21-648547546-669288864-3198938535-1001\..\SearchScopes\{D480A19D-2D87-4A68-81C3-ADD8C35D1859}: "URL" = http://websearch.ask.com/redirect?client=ietb=ORJo=100000027src=kwq={searchTerms}locale=en_USapn_ptnrs=^U3apn_dtid=^OSJ000^YY^PLapn_uid=7C8D864E-63EF-4FAA-816C-0C462D73CF4Capn_sauid=7651323F-00B4-418C-A19E-7870E22AAE67
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..extensions.enabledAddons: iobitapps%40mybrowserbar.com:6.6
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
[2013-01-26 17:50:18 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Drops\AppData\Roaming\mozilla\Firefox\Profiles\7f28meat.default\extensions\{8b9fe9be-f7dd-451e-ac96-0e568e0ecc10}
[2013-08-17 12:18:57 | 000,002,533 | ---- | M] () -- C:\Users\Drops\AppData\Roaming\mozilla\firefox\profiles\7f28meat.default\searchplugins\aol-search.xml
CHR - plugin: BonanzaDealsLive Update (Disabled) = C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-648547546-669288864-3198938535-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Wizytator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Torpedo.lnk = File not found
[2014-02-01 14:48:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-01-31 09:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HTmilChecker
[2014-01-31 09:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\miiaboelonabgpmofnfcahjkijmfcaal
[2014-01-24 17:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PurriceDDownloaeder
[2014-01-24 17:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\lgmpmieedegcbdjfafnblmfiadcebcgg
[2014-01-24 17:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\e14a29ac6af8b928
[2014-01-24 17:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AppToUU
[2014-02-02 11:21:00 | 000,000,304 | ---- | M] () -- C:\windows\tasks\Bonanza.job
[2014-02-02 11:03:11 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-648547546-669288864-3198938535-1001UA.job
[2014-02-01 13:37:01 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-648547546-669288864-3198938535-1001Core.job

:Commands
[emptytemp]

Click Run Fix.
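Added example, not part of the thread or of OTL itself: a small parser for the file-listing lines in the fix script above that groups entries by creation time, which shows the `C:\ProgramData` folders arriving in short bursts. The field layout is inferred from the lines quoted in post #4, and the 5-minute gap is an assumed threshold.

```python
import re
from datetime import datetime, timedelta

# OTL file-listing line: [timestamp | size | attributes | C or M] (company) -- path
# Layout inferred from the lines in post #4; the "(company)" part is optional.
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Created-directory lines copied from the fix script in post #4.
SAMPLE = r"""
[2014-02-01 14:48:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-01-31 09:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HTmilChecker
[2014-01-31 09:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\miiaboelonabgpmofnfcahjkijmfcaal
[2014-01-24 17:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PurriceDDownloaeder
[2014-01-24 17:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\lgmpmieedegcbdjfafnblmfiadcebcgg
[2014-01-24 17:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\e14a29ac6af8b928
[2014-01-24 17:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AppToUU
""".strip().splitlines()

def parse(lines):
    """Return one dict per OTL file-listing line; any other line is skipped."""
    entries = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue  # registry, prefs.js and O-numbered lines use other layouts
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S")
        e["is_dir"] = "D" in e["attrs"]
        entries.append(e)
    return entries

def bursts(entries, gap=timedelta(minutes=5)):
    """Group entries whose timestamp is within `gap` of the previous entry."""
    groups = []
    for e in sorted(entries, key=lambda e: e["ts"]):
        if groups and e["ts"] - groups[-1][-1]["ts"] <= gap:
            groups[-1].append(e)
        else:
            groups.append([e])
    return groups

if __name__ == "__main__":
    for g in bursts(parse(SAMPLE)):
        print(g[0]["ts"], "->", g[-1]["ts"], f"({len(g)} entries)")
        for e in g:
            print("   ", e["path"])
```

Entries that share a burst are worth reviewing together when checking a later log for leftovers.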