delta, akamai netsession and other junk
#1
Symptoms of infection:
Slow computer, it stutters as if there were no drivers, but they are installed and there are no exclamation marks in Device Manager.

Actions taken:
I haven't scanned, but Add/Remove Programs lists delta and akamai. I have Norton 360, Windows XP Home Edition.
Logs:


Attached files
.txt   OTL.Txt (Size: 112.03 KB / Downloads: 73)
.txt   Extras.Txt (Size: 48.89 KB / Downloads: 96)
#2
Uninstall:

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7

Install the latest version of Java.



"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1
Adobe Reader 7.0.5 - Polish #Update to Adobe Reader XI 11.0.3, but skip DobreProgramy, or you will install sponsored applications again.
Akamai NetSession Interface Service
Akamai NetSession Interface
Delta toolbar
Delta Chrome Toolbar
Windows Internet Explorer 7
"LiveVDO plugin" = LiveVDO plugin 1.3
Smiley Bar for Facebook

Uninstall Norton 360 and install it again.

Paste the script into the custom scan options box and run it:

Code:
:OTL
SRV - [2013-07-01 21:48:10 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=2&cf=a011280e-2032-11e2-a205-001bfc19f575
IE - HKLM\..\SearchScopes,DefaultScope = {50183D20-898E-4BC8-A31A-3AFD7F534461}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{B0B4E07D-99C8-4363-B0F6-E91C6488A956}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=a011280e-2032-11e2-a205-001bfc19f575&q={searchTerms}
IE - HKU\S-1-5-21-861567501-839522115-725345543-1005\..\SearchScopes,DefaultScope = {50183D20-898E-4BC8-A31A-3AFD7F534461}
IE - HKU\S-1-5-21-861567501-839522115-725345543-1005\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&affID=121284&tt=gc_&babsrc=SP_ss&mntrId=B033001BFC19F575
IE - HKU\S-1-5-21-861567501-839522115-725345543-1005\..\SearchScopes\{2C2B0A92-4E8D-44A5-AF81-6D66E46A2B90}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=301E1C23-3EA8-4533-90AD-69408D50D0A1&apn_sauid=49B85911-C69F-4DCD-8C03-19E1AECF6F81&
IE - HKU\S-1-5-21-861567501-839522115-725345543-1005\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-861567501-839522115-725345543-1005\..\SearchScopes\{B0B4E07D-99C8-4363-B0F6-E91C6488A956}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=a011280e-2032-11e2-a205-001bfc19f575&q={searchTerms}
O2 - BHO: (Smiley Bar for Facebook) - {4723AAA8-B2F9-4CC1-9E60-190976DB1FA4} - C:\Program Files\Smiley Bar for Facebook\ScriptHost.dll (Plus Winks)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
O2 - BHO: (no name) - Software - No CLSID value found.
O3 - HKLM\..\Toolbar: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-839522115-725345543-1005\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-839522115-725345543-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-839522115-725345543-1005\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-839522115-725345543-1005\..\Toolbar\WebBrowser: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O15 - HKU\S-1-5-21-861567501-839522115-725345543-1005\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-8412036565-4317850798-121675482-2933\nissan.exe) -File not found
O33 - MountPoints2\{109ea68a-f4c7-11df-9e56-001bfc19f575}\Shell\AutoRun\command - "" = F:\Launcher.exe
O33 - MountPoints2\{1d901de0-6b3f-11df-9d8f-001bfc19f575}\Shell - "" = AutoRun
O33 - MountPoints2\{1d901de0-6b3f-11df-9d8f-001bfc19f575}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{1f426a48-bef4-11de-9c9d-001bfc19f575}\Shell - "" = AutoRun
O33 - MountPoints2\{1f426a48-bef4-11de-9c9d-001bfc19f575}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{3f9fe494-1928-11dd-99a8-001bfc19f575}\Shell - "" = AutoRun
O33 - MountPoints2\{3f9fe494-1928-11dd-99a8-001bfc19f575}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
O33 - MountPoints2\{3f9fe495-1928-11dd-99a8-001bfc19f575}\Shell\AutoRun\command - "" = G:\USBNB.exe
[2006-09-26 13:24:58 | 006,407,070 | ---- | C] () -- C:\Documents and Settings\Misiek\DSC0897
[2006-08-01 20:33:28 | 009,239,444 | ---- | C] () -- C:\Program Files\PDFCreator.rar
[2006-07-17 21:15:06 | 000,253,952 | ---- | C] () -- C:\Program Files\MKS_VIR_2006mkskwar.dll
[2006-07-17 21:15:04 | 001,052,672 | ---- | C] () -- C:\Program Files\MKS_VIR_2006mksfirewallresen.dll
[2006-07-17 21:15:01 | 001,052,672 | ---- | C] () -- C:\Program Files\MKS_VIR_2006mksfirewallen.lng
[2006-07-17 21:14:58 | 001,384,448 | ---- | C] () -- C:\Program Files\MKS_VIR_2006mksfirewall.ocx
[2006-07-17 21:14:53 | 000,103,452 | ---- | C] () -- C:\Program Files\MKS_VIR_2006mksbase.bin
[2006-07-17 21:14:52 | 001,053,916 | ---- | C] () -- C:\Program Files\MKS_VIR_2006mks2k6.chm
[2006-07-17 21:14:50 | 000,018,097 | ---- | C] () -- C:\Program Files\MKS_VIR_2006mks2006.exe.manifest
[2006-07-17 21:14:47 | 000,001,501 | ---- | C] () -- C:\Program Files\MKS_VIR_2006mks2006.application
[2006-07-17 21:14:46 | 000,018,589 | ---- | C] () -- C:\Program Files\MKS_VIR_2006mainwindow.resx
[2006-07-17 21:14:44 | 000,064,000 | ---- | C] () -- C:\Program Files\MKS_VIR_2006localps.dll
[2006-07-17 21:14:44 | 000,004,196 | ---- | C] () -- C:\Program Files\MKS_VIR_2006mailscan.xsl
[2006-07-17 21:14:43 | 000,105,472 | ---- | C] () -- C:\Program Files\MKS_VIR_2006filesend.dll
[2006-07-17 21:14:43 | 000,054,784 | ---- | C] () -- C:\Program Files\MKS_VIR_2006ipc.dll
[2006-07-17 21:14:43 | 000,032,768 | ---- | C] () -- C:\Program Files\MKS_VIR_2006installspi.exe
[2006-07-17 21:14:43 | 000,018,420 | ---- | C] () -- C:\Program Files\MKS_VIR_2006language.enc
[2006-07-17 21:14:43 | 000,006,656 | ---- | C] ( ) -- C:\Program Files\MKS_VIR_2006interop.mksfirewalllib.dll
[2006-07-17 21:14:43 | 000,005,632 | ---- | C] ( ) -- C:\Program Files\MKS_VIR_2006interop.procman2006lib.dll
[2006-07-17 21:14:43 | 000,005,632 | ---- | C] ( ) -- C:\Program Files\MKS_VIR_2006interop.firewallatxlib.dll
[2006-07-17 21:14:43 | 000,004,445 | ---- | C] () -- C:\Program Files\MKS_VIR_2006firewall.xsl
[2006-07-17 21:14:42 | 000,047,804 | ---- | C] () -- C:\Program Files\MKS_VIR_2006end.wav
[2006-07-17 21:14:42 | 000,006,742 | ---- | C] () -- C:\Program Files\MKS_VIR_2006filescan.xsl
[2006-07-17 21:14:42 | 000,005,824 | ---- | C] () -- C:\Program Files\MKS_VIR_2006down.wav
[2006-07-17 21:14:42 | 000,001,162 | ---- | C] () -- C:\Program Files\MKS_VIR_2006buttons.enc
[2006-01-26 01:21:10 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\Misiek\Dane aplikacji\user60.rdb
[2006-01-26 01:20:02 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Misiek\Dane aplikacji\sversion.ini
[2003-07-08 16:45:58 | 002,777,088 | ---- | C] (ACD Systems, Ltd.) -- C:\Program Files\ACDSee5.exe
[2003-07-08 16:45:58 | 000,053,248 | ---- | C] (ACD Systems Ltd.) -- C:\Program Files\ScreenCapture.dll
[2011-02-21 19:41:46 | 005,193,608 | ---- | C] (ParetoLogic Inc.) -- C:\Program Files\ParetoLogic PC Health Advisor.exe
[2006-07-17 21:14:53 | 000,122,880 | ---- | C] (MKS) -- C:\Program Files\MKS_VIR_2006mksfirewall.dll
[2006-07-17 21:14:49 | 000,974,848 | ---- | C] (MKS Sp z o.o.) -- C:\Program Files\MKS_VIR_2006mks2006.exe
[2006-07-17 21:14:46 | 000,032,768 | ---- | C] (MKS) -- C:\Program Files\MKS_VIR_2006mks.admin.transport.security.dll
[2006-07-17 21:14:46 | 000,028,672 | ---- | C] (MKS) -- C:\Program Files\MKS_VIR_2006mks.gui.controls.dll
[2006-07-17 21:14:46 | 000,028,672 | ---- | C] (MKS) -- C:\Program Files\MKS_VIR_2006mks.admin.agent.exe
[2006-07-17 21:14:46 | 000,020,480 | ---- | C] (MKS) -- C:\Program Files\MKS_VIR_2006mks.admin.transport.dll
[2006-07-17 21:14:46 | 000,016,384 | ---- | C] (MKS) -- C:\Program Files\MKS_VIR_2006mks.admin.management.dll
[2013-05-12 14:17:54 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Documents and Settings\Misiek\Dane aplikacji\Mozilla\Extensions\pluswinks@PlusWinks
[2006-11-07 10:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\MKS_VIR
[2006-09-06 16:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aga\Dane aplikacji\MKS_VIR
[2009-10-31 16:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aga\Dane aplikacji\pdfforge
[2009-10-31 16:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aga\Dane aplikacji\Search Settings
[2012-09-30 13:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011-10-21 19:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Ask
[2013-05-12 14:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Babylon
[2009-01-27 11:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2006-07-25 10:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iza\Dane aplikacji\MKS_VIR
[2009-12-21 19:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iza\Dane aplikacji\pdfforge
[2009-12-21 19:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iza\Dane aplikacji\Search Settings
[2013-08-25 18:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Misiek\Dane aplikacji\BabSolution
[2013-05-12 14:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Misiek\Dane aplikacji\Babylon
[2013-05-13 15:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Misiek\Dane aplikacji\Delta
[2006-08-21 19:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Misiek\Dane aplikacji\MKS_VIR
[2009-10-15 11:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Misiek\Dane aplikacji\pdfforge
[2009-10-15 11:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Misiek\Dane aplikacji\Search Settings
[2011-10-09 14:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Misiek\Dane aplikacji\searchquband

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

:Files
C:\Windows\tasks\*.*
C:\Program Files\Onet-SkypeSetup.exe

:Commands
[EMPTYTEMP]


In Google Chrome, type chrome://settings in the address bar, go to settings and choose "Manage search engines". Change the search engine to Google.
On startup: add a page that suits you.

Then type chrome://extensions in the browser and remove LiveVDO plugin and Cool Smiley Bar for Facebook.

Download the program

click Scan and then Clean.


Then run OTL again and click Scan. Post the new OTL log and the report produced after the fix, as well as the AdwCleaner report.
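As an added example (not from the thread's author or from OTL), a small Python triage script that parses OTL-style log lines like the ones in the fix above and flags the entries a responder would check first: IE start page/search scopes pointing at the hijacker hosts named in the log, BHO/toolbar entries from the named publishers or with a missing CLSID, a Winlogon TaskMan override, and AutoRun commands under MountPoints2. The sample log, the benign control entry and its all-zero CLSID are constructed.

```python
import re

# Constructed OTL excerpt modelled on the thread's log, plus one benign control entry (placeholder CLSID).
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=2&cf=a011280e
IE - HKU\S-1-5-21-861567501-839522115-725345543-1005\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
O2 - BHO: (no name) - Software - No CLSID value found.
O2 - BHO: (Benign Helper) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Vendor\helper.dll (Example Vendor)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-8412036565-4317850798-121675482-2933\nissan.exe) -File not found
O33 - MountPoints2\{109ea68a-f4c7-11df-9e56-001bfc19f575}\Shell\AutoRun\command - "" = F:\Launcher.exe
O33 - MountPoints2\{1d901de0-6b3f-11df-9d8f-001bfc19f575}\Shell - "" = AutoRun
"""

# Hijacker hosts and publisher strings taken from the entries in the thread's OTL fix.
HIJACK_HOSTS = ("startsear.ch", "searchqu.com", "delta-search.com", "websearch.ask.com")
HIJACK_VENDORS = ("Delta-search.com", "StartSearch Inc.", "Plus Winks")
HOST_RE = re.compile(r"https?://([^/\s?]+)")
VENDOR_RE = re.compile(r"\(([^()]*)\)\s*$")  # trailing "(Publisher)" on O2/O3 lines

def triage(log_text):
    """Return [(line, reason)] for each OTL line matching a hijack or persistence pattern."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reason = None
        if line.startswith("IE - "):
            m = HOST_RE.search(line)
            host = m.group(1).lower() if m else ""
            if any(host == h or host.endswith("." + h) for h in HIJACK_HOSTS):
                reason = "IE start page/search scope points at hijacker host " + host
        elif line.startswith(("O2 - ", "O3 - ")):
            if "No CLSID value found" in line:
                reason = "orphaned BHO/toolbar entry (CLSID missing)"
            else:
                m = VENDOR_RE.search(line)
                if m and m.group(1) in HIJACK_VENDORS:
                    reason = "BHO/toolbar published by " + m.group(1)
        elif line.startswith("O20 - ") and "Winlogon: TaskMan" in line:
            reason = "Winlogon TaskMan override (value not present by default)"
        elif line.startswith("O33 - ") and r"\Shell\AutoRun\command" in line:
            reason = "AutoRun command registered for a removable drive"
        if reason:
            findings.append((line, reason))
    return findings

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"[{reason}] {line[:70]}")
```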