SafeGroup

Full version: Please check my logs
I recently scanned with Bitdefender, which I had just bought, and it found 5 viruses. I would like to be sure that everything is fine.
Logs:
Put links to the OTL and RSIT logs here
OTL

[To see the links, register here]

Extras

[To see the links, register here]


Thank you for your help and willingness.
Uninstall:

Akamai NetSession Interface
WebConnect 3.0.0
Pando Media Booster
LogMeIn Hamachi [if not needed]
Bundled software uninstaller
FileHippo.com Update Checker
IObit Malware Fighter
Mozilla Maintenance Service

In Google Chrome, type chrome://plugins into the address bar and disable Pando Web Plugin.

In OTL, paste the following script into the Custom Scans/Fixes box and run it:

Code:
:Services
UxTuneUp

:OTL
PRC - [2013-09-23 21:13:01 | 000,966,656 | ---- | M] () -- C:\Users\User\AppData\Roaming\Suchy Powiadamiacz\0.3.4990.21327\SuchyPowiadamiacz.exe
IE - HKU\S-1-5-21-3247040779-3550652454-296456085-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=E272BC5FF4739620&affID=119357&tsp=5003
IE - HKU\S-1-5-21-3247040779-3550652454-296456085-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = aboutNoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = aboutSecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = aboutblank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = aboutNoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = aboutSecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = aboutblank
IE - HKU\S-1-5-21-3247040779-3550652454-296456085-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3247040779-3550652454-296456085-1000\..\SearchScopes,DefaultScope = {FFB7770D-660E-4A25-A9AA-69087F083A94}
IE - HKU\S-1-5-21-3247040779-3550652454-296456085-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = aboutblank
MOD - [2013-09-23 21:13:01 | 000,966,656 | ---- | M] () -- C:\Users\User\AppData\Roaming\Suchy Powiadamiacz\0.3.4990.21327\SuchyPowiadamiacz.exe
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3:File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
O4 - HKU\S-1-5-21-3247040779-3550652454-296456085-1000..\Run: [suchypowiadamiacz] C:\Users\User\AppData\Roaming\Suchy Powiadamiacz\0.3.4990.21327\SuchyPowiadamiacz.exe ()
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\User\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: Wypełnij formularze LastPass - file://C:\Users\User\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: LastPass - file://C:\Users\User\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: Wypełnij formularze LastPass - file://C:\Users\User\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3247040779-3550652454-296456085-1000\..Trusted Domains: 4game.com ([]https in Zaufane witryny)
O15 - HKU\S-1-5-21-3247040779-3550652454-296456085-1000\..Trusted Domains: aeriagames.com ([]http in Zaufane witryny)
O15 - HKU\S-1-5-21-3247040779-3550652454-296456085-1000\..Trusted Domains: aeriagames.com ([]https in Zaufane witryny)
O15 - HKU\S-1-5-21-3247040779-3550652454-296456085-1000\..Trusted Domains: clonewarsadventures.com ([]* in Zaufane witryny)
O15 - HKU\S-1-5-21-3247040779-3550652454-296456085-1000\..Trusted Domains: freerealms.com ([]* in Zaufane witryny)
O15 - HKU\S-1-5-21-3247040779-3550652454-296456085-1000\..Trusted Domains: soe.com ([]* in Zaufane witryny)
O15 - HKU\S-1-5-21-3247040779-3550652454-296456085-1000\..Trusted Domains: sony.com ([]* in Zaufane witryny)
O15 - HKU\S-1-5-21-3247040779-3550652454-296456085-1001\..Trusted Domains: 4game.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3247040779-3550652454-296456085-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3247040779-3550652454-296456085-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3247040779-3550652454-296456085-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3247040779-3550652454-296456085-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3247040779-3550652454-296456085-1001\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Reg Error: Value error.)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Reg Error: Value error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab (Reg Error: Value error.)
[2013-08-17 19:07:34 | 000,008,323 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\kdniczjc.default\extensions\[email protected]
[2013-05-18 16:39:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugin
[2013-05-18 16:39:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions

:Files
C:\Windows\tasks\*.*
$RECYCLE.BIN /alldrives
C:\Config.Msi

:Commands
[EMPTYTEMP]


Download the program

[To see the links, register here]

Click Scan and then Clean.

Then run OTL again and click Scan. Post the new OTL log and the report from running the script, as well as the AdwCleaner report.