Elektroda.pl

"Policyjny" wirus log otl

szumi_szumi 20 Jan 2013 17:13 1635 7
  • Helpful post
    #2 20 Jan 2013 17:36
    Acorus 20
    Computer specialist

    Run OTL and paste the following into the (Custom scan options/Script) box:

    Quote:
    :OTL
    [2013-01-20 15:35:36 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
    [2013-01-20 15:35:36 | 000,000,069 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
    [2013-01-20 15:35:30 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
    @Alternate Data Stream - 1182 bytes -> C:\Program Files (x86)\Common Files\System:VK5gAlkj2cIx9TC2S6E7lt2R
    @Alternate Data Stream - 1138 bytes -> C:\Users\ANK&ART&BOG\AppData\Local\Temp:ydJxUdSFJj6N32SYHPV7h
    @Alternate Data Stream - 1114 bytes -> C:\ProgramData\Microsoft:g1aiGSNisNdRbOCCn1s8IjRLVif
    @Alternate Data Stream - 1081 bytes -> C:\ProgramData\Microsoft:BNuOMM1GaWtP7UvR3ulzOQL

    :Commands
    [emptytemp]


    Click Run Script. Confirm the computer restart. Save the report that appears after the restart. Then run OTL again, this time clicking (Scan).
    Post the new OTL.txt log and the removal report.

  • Helpful post
    #3 20 Jan 2013 17:37
    Kolobos
    Computer specialist

    Run this script in OTL:

    :OTL
    IE - HKLM\..\SearchScopes\{C9E19DE0-74C6-4CA6-A3C4-B499CEF37CF4}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-2917454170-1362837901-794280854-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.v9.com/web/?q={searchTerms}
    IE - HKU\S-1-5-21-2917454170-1362837901-794280854-1001\..\SearchScopes\{08C65378-80CF-4b71-90EE-DC5FFB48F5A7}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
    IE - HKU\S-1-5-21-2917454170-1362837901-794280854-1001\..\SearchScopes\{22069A55-BE54-4961-928F-1B4FBC041F30}: "URL" = http://www.google.com/custom?client=pub-37942...3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms}
    IE - HKU\S-1-5-21-2917454170-1362837901-794280854-1001\..\SearchScopes\{52BAEEDB-9153-4273-A44E-91DFB19E51A4}: "URL" = http://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
    IE - HKU\S-1-5-21-2917454170-1362837901-794280854-1001\..\SearchScopes\{C9E19DE0-74C6-4CA6-A3C4-B499CEF37CF4}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
    O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - C:\ProgramData\dsgsdgdsgdsgw.bat ()
    [2013-01-20 15:35:36 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
    [2013-01-20 15:35:36 | 000,000,069 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
    [2013-01-20 15:35:30 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
    @Alternate Data Stream - 1182 bytes -> C:\Program Files (x86)\Common Files\System:VK5gAlkj2cIx9TC2S6E7lt2R
    @Alternate Data Stream - 1138 bytes -> C:\Users\ANK&ART&BOG\AppData\Local\Temp:ydJxUdSFJj6N32SYHPV7h
    @Alternate Data Stream - 1114 bytes -> C:\ProgramData\Microsoft:g1aiGSNisNdRbOCCn1s8IjRLVif
    @Alternate Data Stream - 1081 bytes -> C:\ProgramData\Microsoft:BNuOMM1GaWtP7UvR3ulzOQL


    Install the Java update -> www.java.com

    When done, post a new OTL log.

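    Added example, not part of the thread and not OTL's own code: a read-only PowerShell audit of the same four persistence points the two scripts above remove (the HKLM Winlogon Shell value, the dropped .bat/.reg/.pad files in C:\ProgramData, the alternate data streams on the flagged directories, and the IE SearchScopes). It assumes an elevated PowerShell 3.0+ session on the affected machine; the SID and the Temp path are the ones that appear in the OTL lines above, the allowlist of search-engine hosts is my assumption (Kolobos's script removes the Bing scope as well), and the function name Test-PolicePersistence is mine. It changes nothing; it only reports.

```powershell
# Added example (not from the thread or OTL). Read-only audit of the
# persistence points the OTL scripts above remove. Assumes an elevated
# PowerShell 3.0+ session on the infected machine. The SID and Temp path are
# taken from the OTL log; the function name and the allowlist of search
# hosts are assumptions of this example.

function Test-PolicePersistence {
    param(
        [string]$UserSid  = 'S-1-5-21-2917454170-1362837901-794280854-1001',
        [string]$UserTemp = 'C:\Users\ANK&ART&BOG\AppData\Local\Temp'
    )
    $findings = New-Object System.Collections.Generic.List[object]

    # 1. Winlogon Shell (HKLM): the log shows it pointing at a .bat in ProgramData.
    #    Anything other than explorer.exe (or an absent value) is a hijack.
    $wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    if ($wl.Shell -and $wl.Shell -ne 'explorer.exe') {
        $findings.Add([pscustomobject]@{ Kind = 'WinlogonShell'; Detail = $wl.Shell })
    }
    # The per-user Shell override is the same loader location; not seen in this log.
    $userWl = "Registry::HKEY_USERS\$UserSid\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
    if (Test-Path $userWl) {
        $us = (Get-ItemProperty $userWl).Shell
        if ($us) { $findings.Add([pscustomobject]@{ Kind = 'UserWinlogonShell'; Detail = $us }) }
    }

    # 2. Dropped files directly in C:\ProgramData (the .bat, .reg and .pad the log lists).
    Get-ChildItem 'C:\ProgramData' -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.bat', '.reg', '.pad' } |
        ForEach-Object {
            $findings.Add([pscustomobject]@{ Kind = 'ProgramDataFile'; Detail = "$($_.FullName) ($($_.Length) bytes)" })
        }

    # 3. Alternate data streams on the directories the log flagged.
    $adsHosts = 'C:\Program Files (x86)\Common Files\System', $UserTemp, 'C:\ProgramData\Microsoft'
    foreach ($p in $adsHosts) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                $findings.Add([pscustomobject]@{ Kind = 'ADS'; Detail = "$($_.FileName):$($_.Stream) ($($_.Length) bytes)" })
            }
    }

    # 4. IE SearchScopes: report every scope whose URL host is not on the allowlist
    #    (assumption: the hosts the thread treats as legitimate engines).
    $knownHosts = 'www.bing.com', 'www.google.com', 'uk.search.yahoo.com'
    $scopeRoots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
                  "Registry::HKEY_USERS\$UserSid\Software\Microsoft\Internet Explorer\SearchScopes"
    foreach ($root in $scopeRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($k in Get-ChildItem $root) {
            $url = (Get-ItemProperty $k.PSPath).URL
            if (-not $url) { continue }
            # Extract the host with a regex rather than [uri] so the {searchTerms}
            # placeholder in the query string cannot interfere.
            $urlHost = if ($url -match '^https?://([^/]+)') { $Matches[1] } else { $url }
            if ($knownHosts -notcontains $urlHost) {
                $findings.Add([pscustomobject]@{ Kind = 'SearchScope'; Detail = "$($k.PSChildName) -> $url" })
            }
        }
    }
    return $findings
}

# Usage: an empty table means none of these four locations is currently set.
Test-PolicePersistence | Format-Table -AutoSize
```

    Run it before the OTL fix to confirm the log, and again after the reboot to confirm the Shell value, the files and the streams are gone; it is safe to run on a clean machine.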
  • #4 20 Jan 2013 17:55
    szumi_szumi
    Level 2

    I did as you wrote, Acorus 20; attaching the report and the second scan. Kolobos, thanks for taking a look at this log.

    Report

    Code:
    All processes killed
    
    ========== OTL ==========
    C:\ProgramData\dsgsdgdsgdsgw.reg moved successfully.
    C:\ProgramData\dsgsdgdsgdsgw.bat moved successfully.
    C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
    ADS C:\Program Files (x86)\Common Files\System:VK5gAlkj2cIx9TC2S6E7lt2R deleted successfully.
    ADS C:\Users\ANK&ART&BOG\AppData\Local\Temp:ydJxUdSFJj6N32SYHPV7h deleted successfully.
    ADS C:\ProgramData\Microsoft:g1aiGSNisNdRbOCCn1s8IjRLVif deleted successfully.
    ADS C:\ProgramData\Microsoft:BNuOMM1GaWtP7UvR3ulzOQL deleted successfully.
    ========== COMMANDS ==========
     
    [EMPTYTEMP]
     
    User: All Users
     
    User: ANK&ART&BOG
    ->Temp folder emptied: 679018 bytes
    ->Temporary Internet Files folder emptied: 3448697 bytes
    ->Java cache emptied: 173415 bytes
    ->FireFox cache emptied: 223554677 bytes
    ->Google Chrome cache emptied: 346718149 bytes
    ->Flash cache emptied: 58919 bytes
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56478 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Public
    ->Temp folder emptied: 0 bytes
     
    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 336809004 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68032 bytes
    RecycleBin emptied: 0 bytes
     
    Total Files Cleaned = 869,00 mb
     
     
    OTL by OldTimer - Version 3.2.69.0 log created on 01202013_173727

    Files\Folders moved on Reboot...
    C:\Users\ANK&ART&BOG\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  • #5 20 Jan 2013 18:06
    Acorus 20
    Computer specialist

    Run OTL and paste the following into the (Custom scan options/Script) box:

    Quote:
    :OTL
    IE - HKU\S-1-5-21-2917454170-1362837901-794280854-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.v9.com/web/?q={searchTerms}
    IE - HKU\S-1-5-21-2917454170-1362837901-794280854-1001\..\SearchScopes\{52BAEEDB-9153-4273-A44E-91DFB19E51A4}: "URL" = http://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
    O4 - HKU\S-1-5-21-2917454170-1362837901-794280854-1001..\Run: [Facebook Update] C:\Users\ANK&ART&BOG\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - C:\ProgramData\dsgsdgdsgdsgw.bat ()
    [2013-01-20 14:41:03 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2917454170-1362837901-794280854-1001UA.job
    [2013-01-19 23:41:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2917454170-1362837901-794280854-1001Core.job
    [2013-01-20 15:35:36 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
    [2013-01-20 15:35:36 | 000,000,069 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
    [2013-01-20 15:35:30 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
    @Alternate Data Stream - 1182 bytes -> C:\Program Files (x86)\Common Files\System:VK5gAlkj2cIx9TC2S6E7lt2R
    @Alternate Data Stream - 1138 bytes -> C:\Users\ANK&ART&BOG\AppData\Local\Temp:ydJxUdSFJj6N32SYHPV7h
    @Alternate Data Stream - 1114 bytes -> C:\ProgramData\Microsoft:g1aiGSNisNdRbOCCn1s8IjRLVif
    @Alternate Data Stream - 1081 bytes -> C:\ProgramData\Microsoft:BNuOMM1GaWtP7UvR3ulzOQL

    :Commands
    [emptytemp]


    Click Run Script. Confirm the computer restart. Save the report that appears after the restart. Then run OTL again, this time clicking (Scan).
    Post the new OTL.txt log and the removal report.

  • #6 20 Jan 2013 18:07
    Kolobos
    Computer specialist

    Do what I wrote. Since you can see the scripts differ, you run BOTH.

    Needless churning out of posts because of the author's laziness.

    Also run scans with MBAM and CureIt.

  • #7 20 Jan 2013 18:39
    szumi_szumi
    Level 2

    Log and report

    Code:
    All processes killed
    
    ========== OTL ==========
    Registry key HKEY_USERS\S-1-5-21-2917454170-1362837901-794280854-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    Registry key HKEY_USERS\S-1-5-21-2917454170-1362837901-794280854-1001\Software\Microsoft\Internet Explorer\SearchScopes\{52BAEEDB-9153-4273-A44E-91DFB19E51A4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52BAEEDB-9153-4273-A44E-91DFB19E51A4}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2917454170-1362837901-794280854-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
    C:\Users\ANK&ART&BOG\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\PROGRA~3\dsgsdgdsgdsgw.bat deleted successfully.
    File C:\ProgramData\dsgsdgdsgdsgw.bat not found.
    C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2917454170-1362837901-794280854-1001UA.job moved successfully.
    C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2917454170-1362837901-794280854-1001Core.job moved successfully.
    File C:\ProgramData\dsgsdgdsgdsgw.reg not found.
    File C:\ProgramData\dsgsdgdsgdsgw.bat not found.
    File C:\ProgramData\dsgsdgdsgdsgw.pad not found.
    Unable to delete ADS C:\Program Files (x86)\Common Files\System:VK5gAlkj2cIx9TC2S6E7lt2R .
    Unable to delete ADS C:\Users\ANK&ART&BOG\AppData\Local\Temp:ydJxUdSFJj6N32SYHPV7h .
    Unable to delete ADS C:\ProgramData\Microsoft:g1aiGSNisNdRbOCCn1s8IjRLVif .
    Unable to delete ADS C:\ProgramData\Microsoft:BNuOMM1GaWtP7UvR3ulzOQL .
    ========== COMMANDS ==========
     
    [EMPTYTEMP]
     
    User: All Users
     
    User: ANK&ART&BOG
    ->Temp folder emptied: 413441 bytes
    ->Temporary Internet Files folder emptied: 37294 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 53712989 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Public
    ->Temp folder emptied: 0 bytes
     
    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 502832 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes
     
    Total Files Cleaned = 52,00 mb
     
     
    OTL by OldTimer - Version 3.2.69.0 log created on 01202013_182330

    Files\Folders moved on Reboot...
    C:\Users\ANK&ART&BOG\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
    File\Folder C:\Windows\temp\fb_2060.lck not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

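    Added example, not part of the thread and not OTL's own code: reading the two removal reports above side by side. The first report records the three C:\ProgramData files and the four alternate data streams as removed; the second report lists the same items as "not found" and "Unable to delete". This PowerShell script parses OTL's result lines and tags every non-success line of the second run with whether the first run had already removed that item, so only the remaining lines need follow-up. The function names Get-OtlActions and Compare-OtlRuns are mine, and the sample input lines are copied from the two reports posted above.

```powershell
# Added example (not from the thread or OTL): cross-check two OTL removal
# reports. Function names are assumptions of this example; the sample lines
# below are copied from the two reports posted in this thread.

function Get-OtlActions {
    # Turn OTL result lines into (Item, Result) records; unrecognised lines are skipped.
    param([string[]]$Lines)
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        switch -Regex ($line) {
            '^(?:ADS |Registry key |Registry value )?(.+?) (?:moved|deleted) successfully\.$' {
                [pscustomobject]@{ Item = $Matches[1]; Result = 'removed' }; break
            }
            '^(?:File|Registry key|File\\Folder) (.+?) not found[.!]$' {
                [pscustomobject]@{ Item = $Matches[1]; Result = 'not_found' }; break
            }
            '^Unable to delete ADS (.+?) \.$' {
                [pscustomobject]@{ Item = $Matches[1]; Result = 'failed' }; break
            }
        }
    }
}

function Compare-OtlRuns {
    # For each non-success line of the second run, say whether the first run
    # already removed the same item (a repeat) or not (something to look at).
    param([string[]]$FirstRun, [string[]]$SecondRun)
    $removedBefore = @(Get-OtlActions $FirstRun |
        Where-Object { $_.Result -eq 'removed' } |
        ForEach-Object { $_.Item })
    Get-OtlActions $SecondRun |
        Where-Object { $_.Result -ne 'removed' } |
        ForEach-Object {
            [pscustomobject]@{
                Item              = $_.Item
                Result            = $_.Result
                RemovedInFirstRun = ($removedBefore -contains $_.Item)
            }
        }
}

# Sample input: lines copied from the first and second reports in this thread.
$firstRun = @(
    'C:\ProgramData\dsgsdgdsgdsgw.reg moved successfully.',
    'C:\ProgramData\dsgsdgdsgdsgw.bat moved successfully.',
    'C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.',
    'ADS C:\ProgramData\Microsoft:g1aiGSNisNdRbOCCn1s8IjRLVif deleted successfully.',
    'ADS C:\ProgramData\Microsoft:BNuOMM1GaWtP7UvR3ulzOQL deleted successfully.'
)
$secondRun = @(
    'Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.',
    'Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\PROGRA~3\dsgsdgdsgdsgw.bat deleted successfully.',
    'File C:\ProgramData\dsgsdgdsgdsgw.bat not found.',
    'File C:\ProgramData\dsgsdgdsgdsgw.reg not found.',
    'Unable to delete ADS C:\ProgramData\Microsoft:g1aiGSNisNdRbOCCn1s8IjRLVif .',
    'File\Folder C:\Windows\temp\fb_2060.lck not found!'
)

# Rows with RemovedInFirstRun = False are the ones that still need a look.
Compare-OtlRuns -FirstRun $firstRun -SecondRun $secondRun | Format-Table -AutoSize
```

    On the sample above the .bat, .reg and the ADS line come out as RemovedInFirstRun = True, while the CLSID key and fb_2060.lck come out as False, which is exactly the split a helper wants before deciding whether a "failed" line means the malware is still present.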
  • #8 21 Jan 2013 08:23
    Kolobos
    Computer specialist

    Why didn't you run the scans with MBAM and CureIt?

    Also post a TDSSKiller log.
