TornadoS12
(Tornado899)
9 Październik 2012 15:46
#1
Witam od pewnego czasu posiadam wirusa skeypa który spamuje do ludzi hej czy to twoj nowy profil itp… oto logi otl
otl: http://wklej.to/eh8rl
extras: http://wklej.to/46Bif
Acorus
(Acorus)
9 Październik 2012 16:38
#2
Odinstaluj Spybot - Search & Destroy,AVG Security Toolbar,Incredibar Toolbar on IE,Optimizer Pro v3.0,Deinstalator Strony V9.Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:
:OTL SRV:64bit: - [2012-09-13 15:26:50 | 001,259,888 | ---- | M] () [Auto | Running] – C:\Windows\SysNative\dmwu.exe – (WebOptimizer) SRV:64bit: - [2012-09-03 09:13:08 | 000,188,760 | ---- | M] () [Auto | Running] – C:\Program Files\Web Assistant\ExtensionUpdaterService.exe – (Web Assistant Updater) IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.v9.com/ins/ins_1330959872_303912 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pl.v9.com/ins/ins_1330959872_303912 IE - HKU\S-1-5-21-90926556-1917332877-4019556737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.v9.com/ins/ins_1330959872_303912 IE - HKU\S-1-5-21-90926556-1917332877-4019556737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={FE4FF6F2-05BB-429F-93AF-D18500B4CA71}&mid=31b32bf106cf47d0aed281ac0f87cd84-ff5f0f3ac8f714282c38b0a0f8aa8e53b7d3d94f〈=pl&ds=xn011&pr=sa&d=2012-10-07 21:26:44&v=13.0.0.7&sap=hp IE - HKU\S-1-5-21-90926556-1917332877-4019556737-1000…\SearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: “URL” = http://search.babylon.com/?q={searchTerms}&AF=109980&babsrc=SP_ss&mntrId=427ad02e00000000000050e549632477 IE - HKU\S-1-5-21-90926556-1917332877-4019556737-1000…\SearchScopes{95B7759C-8C7F-4BF1-B163-73684A933233}: “URL” = https://isearch.avg.com/search?cid={FE4FF6F2-05BB-429F-93AF-D18500B4CA71}&mid=31b32bf106cf47d0aed281ac0f87cd84-ff5f0f3ac8f714282c38b0a0f8aa8e53b7d3d94f〈=pl&ds=xn011&pr=sa&d=2012-10-07 21:26:44&v=13.0.0.7&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-90926556-1917332877-4019556737-1000…\SearchScopes{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: “URL” = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6OyJiuwkw6&i=26 FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.0.0.7 [2012-10-07 21:26:52 | 000,000,000 | —D | M] O3 - HKLM…\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.0.0.7\AVG Secure Search_toolbar.dll () O3 - HKLM…\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com \incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) O4 - HKU\S-1-5-19…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-90926556-1917332877-4019556737-1001…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found [2012-09-13 15:26:50 | 001,259,888 | ---- | M] () – C:\Windows\SysNative\dmwu.exe :Commands [emptytemp]
Kliknij Wykonaj skrypt.W OTL użyj opcji Sprzątanie.
Użyj AdwCleaner http://general-changelog-team.fr/outils/289-adwcleaner z funkcji Delete(w przypadku Visty/Windows7 uruchom z prawokliku jako Administrator).