SicuFinal
(Sicu (Final))
30 January 2013 12:28
#1
So, my friend caught a virus that posts things like "wow - is that you?" together with some link carrying the infection.
I'm passing on her OTL logs:
OTL http://www.wklej.org/id/942265/
EXTRAS http://www.wklej.org/id/942268/
Acorus
(Acorus)
30 January 2013 13:00
#2
Uninstall SweetPacks Toolbar for Internet Explorer 4.4, Akamai NetSession Interface Service, DAEMON Tools Toolbar, mySyncCell Toolbar, My Web Search, Shvoong PO Toolbar, Softonic-Polska Toolbar, V9 HomeTool, Akamai NetSession Interface. Close the browsers. Use AdwCleaner http://general-changelog-team.fr/fr/dow … adwcleaner with the Delete function (on Vista/Windows 7 run it from the right-click menu as Administrator).
Run OTL and paste the following into the (Custom Scans/Fixes) box:
:OTL
SRV - [2011-05-29 10:09:15 | 000,028,762 | ---- | M] (MyWebSearch.com ) [Auto | Running] -- C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwssvc.exe -- (MyWebSearchService)
O3:64bit: - HKLM..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKLM..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM..\Toolbar: (no name) - {aa6d22c2-6ed8-4747-9efe-d1b29525cad2} - No CLSID value found.
O3 - HKLM..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKLM..\Toolbar: (no name) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - No CLSID value found.
O3 - HKLM..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM..\Toolbar: (no name) - {d46d0a6c-fab1-45a4-997e-030450e41de5} - No CLSID value found.
O3 - HKLM..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-21-4131298235-3211395661-3005993818-1000..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O4 - HKLM..\Run: [l1rezerv.exe] C:\Windows\l1rezerv.exe ()
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h File not found
O4 - HKLM..\Run: [sysdriver32.exe] C:\Windows\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] C:\Windows\sysdriver32_.exe ()
O4 - HKLM..\Run: [systemup] C:\Windows\systemup.exe ()
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico0] C:\Windows\update.tray-7-0\svchost.exe (Cronosoft)
O4 - HKLM..\Run: [tray_ico1] C:\Windows\update.tray-8-0\svchost.exe (Cronosoft)
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [wxpdrv] C:\Windows\services32.exe (Cronosoft)
O4 - HKU\S-1-5-21-4131298235-3211395661-3005993818-1000..\Run: [Akamai NetSession Interface] C:\Users\Noname\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4131298235-3211395661-3005993818-1000..\Run: [MSConfig] C:\Users\Noname\lyvfmfty.exe (TODO: <Название компании>)
O4 - HKU\S-1-5-21-4131298235-3211395661-3005993818-1000..\Run: [P2kAutostart] File not found
O4 - HKU\S-1-5-21-4131298235-3211395661-3005993818-1000..\Run: [rmlkexn] C:\Users\Noname\AppData\Local\qawblh.exe ()
O4 - HKU\S-1-5-21-4131298235-3211395661-3005993818-1000..\Run: [woaurud] C:\Users\Noname\woaurud.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Noname\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pnnty.exe ()
[2012-12-25 21:56:24 | 000,054,360 | -H-- | C] (TODO: <Название компании>) -- C:\Users\Noname\lyvfmfty.exe
[2012-12-01 21:00:26 | 000,000,000 | ---D | C] -- C:\Users\Noname\AppData\Local\supt4pc_pl_1
[2012-12-01 21:00:25 | 000,000,000 | ---D | C] -- C:\Users\Noname\AppData\Local\tuto4pc_pl_1
[2012-12-01 21:00:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TUTO4PC
[2012-12-01 21:00:08 | 000,000,000 | ---D | C] -- C:\Users\Noname\AppData\Roaming\PerformerSoft
[2012-12-01 20:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012-12-01 20:56:55 | 000,000,000 | ---D | C] -- C:\Users\Noname\AppData\Roaming\Claro
[2012-12-01 20:56:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Claro LTD
[2012-12-01 20:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2010-09-16 18:42:21 | 002,736,736 | ---- | C] (Conduit Ltd.) -- C:\Program Files (x86)\tbSoft.dll
[2013-01-30 11:27:45 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hîsts
[2012-07-18 12:37:00 | 000,045,056 | RHS- | C] () -- C:\Windows\SysWow64\woaurud.exe
[2012-07-18 12:37:00 | 000,045,056 | RHS- | C] () -- C:\Users\Noname\woaurud.exe
[2012-06-20 17:31:13 | 000,145,412 | R-S- | C] () -- C:\Users\Noname\AppData\Local\qawblh.exe
[2012-02-20 09:38:49 | 000,130,560 | ---- | C] () -- C:\Windows\systemup.exe
[2012-01-20 15:50:17 | 000,232,960 | ---- | C] () -- C:\Windows\l1rezerv.exe
[2011-10-29 10:54:50 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
[2011-10-29 10:54:48 | 000,257,024 | ---- | C] () -- C:\Windows\sysdriver32_.exe
[2011-10-29 10:54:33 | 000,257,024 | ---- | C] () -- C:\Windows\sysdriver32.exe
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:43A7A7AD
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:58481C6F
@Alternate Data Stream - 1227008 bytes -> C:\Windows\Temp:temp
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C3C72D5F
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:44962BFA
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:BE7A0841
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:E2324645
:Commands
[emptytemp]
[resethosts]
Click Run Fix. Confirm the computer restart. Save the report that appears after the restart. Then run OTL again, and this time click Scan.
Post the new OTL.txt log and the fix report.
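As an added example (not from this thread and not OTL's own code), the PowerShell triage script below walks the same persistence points the fix above targets, namely the Run/RunOnce values, the Startup folder, the drivers\etc directory where the log lists a look-alike "hîsts" next to the real hosts file, and the alternate data streams on C:\ProgramData\TEMP and C:\Windows\Temp, and prints the entries that share the traits of the items in the log (file missing, dropped directly into C:\Windows or the profile root, hidden/system attributes, no valid Authenticode signature). The "odd location" and signature heuristics are this script's own assumptions, not OTL's rules; it assumes an elevated 64-bit PowerShell 3.0 or later.

```powershell
# Added triage script, not part of the thread or of OTL: it walks the same persistence
# points the OTL script above removes (Run/RunOnce values, the Startup folder, drivers\etc,
# alternate data streams) and prints the entries that match what the log showed.
# Assumptions: run from an elevated 64-bit PowerShell 3.0 or later; the "odd location" and
# signature heuristics below are this script's own, not OTL's rules.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the executable path out of a Run value, e.g. "C:\x\a.exe" /m=2 /w or C:\x\a.exe
function Get-ExePath([string]$cmd) {
    $cmd = $cmd.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.+?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split ' ')[0]
}

# Reasons an autorun target looks like the ones in the log: missing file, dropped straight
# into %SystemRoot% or the profile root (l1rezerv.exe, sysdriver32.exe, lyvfmfty.exe),
# hidden/system attributes (woaurud.exe was RHS), or no valid Authenticode signature.
function Test-SuspiciousAutorun([string]$exe) {
    if (-not (Test-Path -LiteralPath $exe)) { return @('file not found') }
    $reasons = @()
    $dir = [System.IO.Path]::GetDirectoryName($exe).TrimEnd('\')
    if ($dir -ieq $env:SystemRoot -or $dir -ieq $env:USERPROFILE) { $reasons += 'odd location' }
    $attr = (Get-Item -LiteralPath $exe -Force).Attributes
    if ($attr -band [IO.FileAttributes]::Hidden) { $reasons += 'hidden' }
    if ($attr -band [IO.FileAttributes]::System) { $reasons += 'system attribute' }
    $sig = Get-AuthenticodeSignature -FilePath $exe
    if ($sig.Status -ne 'Valid') { $reasons += "signature $($sig.Status)" }
    return $reasons
}

Write-Host '== Run / RunOnce values =='
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are not values
        $exe = Get-ExePath ([string]$p.Value)
        $why = @(Test-SuspiciousAutorun $exe)
        if ($why.Count) { '{0}\{1} -> {2} [{3}]' -f $key, $p.Name, $exe, ($why -join ', ') }
    }
}

Write-Host '== Startup folder =='
Get-ChildItem -LiteralPath ([Environment]::GetFolderPath('Startup')) -Force -File | ForEach-Object {
    $why = @(Test-SuspiciousAutorun $_.FullName)
    if ($why.Count) { '{0} [{1}]' -f $_.FullName, ($why -join ', ') }
}

# The log lists drivers\etc\hîsts, a look-alike with a non-ASCII letter beside the real
# hosts file. Show every entry there and flag names that are not plain ASCII.
Write-Host '== drivers\etc =='
Get-ChildItem -LiteralPath "$env:SystemRoot\System32\drivers\etc" -Force -File |
    Select-Object Name, Length, LastWriteTime,
        @{ n = 'NonAscii'; e = { $_.Name -match '[^\x00-\x7F]' } }

# Alternate data streams on the paths OTL reported (Get-Item -Stream needs PowerShell 3.0+).
Write-Host '== Alternate data streams =='
foreach ($path in @('C:\ProgramData\TEMP', "$env:SystemRoot\Temp")) {
    if (Test-Path -LiteralPath $path) {
        Get-Item -LiteralPath $path -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            Select-Object FileName, Stream, Length
    }
}
```

Run it in an elevated session of the infected account, because HKCU and USERPROFILE are those of whoever runs the shell; other users' Run keys (the HKU\S-1-5-... entries in OTL's log) are not covered. The log's SysNative path is OTL's 32-bit view of the 64-bit System32 directory, which is why the script reads System32 directly. The output is a list to compare against the OTL log, not a removal step; removal stays with the OTL fix above.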
SicuFinal
(Sicu (Final))
30 January 2013 14:08
#3
Acorus
(Acorus)
30 January 2013 14:20
#4
Use Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
Scan with Malwarebytes Anti-Malware http://www.malwarebytes.org/products/malwarebytes_free
Before scanning, do a MANUAL UPDATE OF THE MALWAREBYTES VIRUS SIGNATURE DATABASE: "Run Malwarebytes, go to the Update tab, Check for updates."
Post the new OTL.txt.