budda2012
(Budda1992)
10 Grudzień 2012 15:02
#1
Witam,
Mam problem z wirusem paysafecard(Cyberprzestępczość, POLICJA)… Tak więc uprzejmie proszę o pomoc w usunięciu tego wirusa:)
Oto logi: OTL–> http://www.wklej.eu/index.php?id=d49786f62a
Extras–> http://www.wklej.eu/index.php?id=bb02a1b69c
Z góry dziękuję za udzieloną pomoc!
Acorus
(Acorus)
10 Grudzień 2012 15:15
#2
Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:
:OTL O3:64bit: - HKLM…\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM…\Toolbar: (Certified Toolbar) - {0de094f5-e894-48c7-b16f-338d64674721} - C:\Users\Toshiba\AppData\Roaming\CertifiedToolbar\CertifiedToolbar.dll File not found O3 - HKLM…\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM…\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-236529379-1051242915-401354344-1000…\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found. O3 - HKU\S-1-5-21-236529379-1051242915-401354344-1000…\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found. O3 - HKU\S-1-5-21-236529379-1051242915-401354344-1000…\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\S-1-5-21-236529379-1051242915-401354344-1000…\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found. O4 - HKLM…\Run: [ROC_ROC_JULY_P1] “C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe” / /PROMPT /CMPID=ROC_JULY_P1 File not found O4 - HKLM…\Run: [vProt] “C:\Program Files (x86)\AVG Secure Search\vprot.exe” File not found O4 - HKU\S-1-5-19…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found [2012-12-10 15:30:25 | 095,023,320 | ---- | M] () – C:\ProgramData\dsgsdgdsgdsgw.pad [2012-12-10 15:24:35 | 000,000,310 | ---- | M] () – C:\Windows\tasks\LJGIVGG.job [2012-12-10 13:26:18 | 000,001,056 | ---- | M] () – C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012-12-10 13:26:15 | 000,200,192 | ---- | M] () – C:\Users\Toshiba\wgsdgsdgdsgsd.exe [2010-10-02 22:58:25 | 000,006,162 | ---- | C] () – C:\Users\Toshiba\AppData\Roaming\wklnhst.dat :Commands [emptytemp]
Kliknij Wykonaj skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).
Pokaż nowy log OTL.txt oraz raport z usuwania.
budda2012
(Budda1992)
10 Grudzień 2012 16:02
#3
Dziękuję za szybką odpowiedź.
Oto nowe logi:
Raport z usuwania—> http://www.wklej.eu/index.php?id=0e434f964b
OTL.txt—> http://www.wklej.eu/index.php?id=d1e6f531f5
Jeszcze raz dziękuję i pozdrawiam.
Acorus
(Acorus)
10 Grudzień 2012 16:40
#4
Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:
:OTL IE - HKLM…\SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: “URL” = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms} IE - HKU\S-1-5-21-236529379-1051242915-401354344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.qooqlle.com/ [binary data] IE - HKU\S-1-5-21-236529379-1051242915-401354344-1000…\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found IE - HKU\S-1-5-21-236529379-1051242915-401354344-1000…\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-21-236529379-1051242915-401354344-1000…\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found IE - HKU\S-1-5-21-236529379-1051242915-401354344-1000…\SearchScopes{3E813368-5968-4897-A86F-CA707466D4DB}: “URL” = http://mn.iamwired.net/websearch.php?src=tops&search={SearchTerms} IE - HKU\S-1-5-21-236529379-1051242915-401354344-1000…\SearchScopes{42168F92-DA71-42E6-BC7F-132EAC1F1899}: “URL” = http://www.google.com/cse?cx=partner-pu … -8859-1&q={searchTerms}&sa=Search&siteurl=qooqlle.com %2F IE - HKU\S-1-5-21-236529379-1051242915-401354344-1000…\SearchScopes{8A5A9D8C-B597-4FCE-8962-23A89EA51C7C}: “URL” = http://search.avg.com/route/?d=4e0e1ec6 … =chrome&q={searchTerms}&lng={language}&iy=&ychte=us IE - HKU\S-1-5-21-236529379-1051242915-401354344-1000…\SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: “URL” = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms} IE - HKU\S-1-5-21-236529379-1051242915-401354344-1000…\SearchScopes{FCAEB9F9-7738-4EFD-95BE-5F3D4A9ED3B6}: “URL” = http://isearch.avg.com/search?cid={0CE3C80D-F6C9-4427-A691-B853D65FCE1C}&mid=e0211f73ffb8552532ef7629c28e43a5-b39fe78d98e62883610b9148b51358d8754eaf51〈=pl&ds=AVG&pr=fr&d=2011-09-20 21:46:10&v=10.0.0.7&sap=dsp&q={searchTerms} O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (no name) - {0de094f5-e894-48c7-b16f-338d64674721} - No CLSID value found. O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O27:64bit: - HKLM IFEO\acad.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\acsignapply.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\acstart17.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\admigrator.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\adrefman.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\cfaddgadgets.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\cfmain.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\cfprofile.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\dwgcheckstandards.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\javaw.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\javaws.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\ndstray.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\pc3exe.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\pcdiag.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\plu26.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\smoothview.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\styexe.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\tacsprop.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\teco.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\tempro.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\tfcconf.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\tfcrst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\todisc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\toshibaservicestation.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\tosramutil.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\tosssdalert.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\tpchviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\acad.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\acsignapply.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\acstart17.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\admigrator.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\adrefman.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\cfaddgadgets.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\cfmain.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\cfprofile.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\dwgcheckstandards.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\javaw.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\javaws.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\ndstray.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\pc3exe.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\pcdiag.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\plu26.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\smoothview.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\styexe.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\tacsprop.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\teco.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\tempro.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\tfcconf.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\tfcrst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\todisc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\toshibaservicestation.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\tosramutil.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\tosssdalert.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\tpchviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) :Commands [emptytemp]
Kliknij Wykonaj skrypt. W OTL użyj opcji Sprzątanie.
Zainstaluj aktualizacje do programow wskazanych przez Security Check
analiza-dezynfekcja-zestaw-narzedzi-nieingerencyjnych-t485632.html jako out of date.
budda2012
(Budda1992)
10 Grudzień 2012 17:46
#5
Dziękuję, wkleję raport z SecurityCheck na wszelki wypadek:
Acorus
(Acorus)
10 Grudzień 2012 18:14
#6
Aktualizacja Int.Exp. do wersji 9
Odinstaluj :
Java 6 Update 29
Adobe Reader 10.1.4
Zainstaluj:
Java http://www.java.com/pl/download/
ftp://ftp.adobe.com/pub/adobe/reader/wi … _pl_PL.exe
Aktualizacja Firefoxa.