
You are replying to:

Portal guest: Kolobos wrote:

> I see this infection has become fashionable again..
> 
> Run a scan with cureit.
> 
> Uninstall: Winamp Toolbar, Ask Toolbar, BrotherSoft Extreme Customized Web Search, Conduit Engine.
> 
> Run this script in OTL:
> 
> :OTL 
> DRV - [2008-04-14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
> DRV - [2008-04-14 00:10:28 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
> IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://alawar.pl
> IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
> IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://open-articles.net
> IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
> FF - prefs.js..browser.search.defaultengine: "Ask.com"
> FF - prefs.js..browser.search.defaultenginename: "Ask.com"
> FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
> FF - prefs.js..browser.search.defaulturl: "search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}"
> FF - prefs.js..browser.search.order.1: "Ask.com"
> FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
> FF - prefs.js..keyword.URL: "search.conduit.com/ResultsExt.aspx?ctid=CT2776682&q="
> [2010-05-15 13:40:05 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\2dhva3cz.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
> [2011-02-17 10:54:20 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\2dhva3cz.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
> [2011-02-17 10:54:21 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\2dhva3cz.default\extensions\engine@conduit.com
> [2011-02-16 21:05:10 | 000,002,559 | ---- | M] () -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\2dhva3cz.default\searchplugins\askcom.xml
> [2010-09-16 18:48:08 | 000,000,941 | ---- | M] () -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\2dhva3cz.default\searchplugins\conduit.xml
> [2010-05-15 13:55:57 | 000,001,244 | ---- | M] () -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\2dhva3cz.default\searchplugins\winamp-search.xml
> O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
> O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
> O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - No CLSID value found.
> O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
> O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
> O4 - HKLM..\Run: [KernelFaultCheck]  File not found
> O4 - HKCU..\Run: [NVIDIA driver monitor]  File not found
> O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
> O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
> O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
> O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
> O32 - AutoRun File - [2009-08-30 15:03:33 | 000,000,089 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]
> O33 - MountPoints2\{a102bdff-522f-11df-8aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- [2008-04-14 21:51:50 | 000,028,672 | ---- | M] (Microsoft Corporation)
> O33 - MountPoints2\{ac1896a9-5222-11df-8154-6c50dc200042}\Shell\AutoRun\command - "" = H:\SEVEBOMBA/gasgas.exe
> O33 - MountPoints2\{ac1896a9-5222-11df-8154-6c50dc200042}\Shell\open\command - "" = H:\SEVEBOMBA/gasgas.exe
> O34 - HKLM BootExecute: (autocheck) -  File not found
> O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
> [2011-02-08 15:13:53 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
> [2011-02-08 15:13:53 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
> [2011-02-08 15:13:47 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
> [2011-02-08 15:13:43 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
> [2011-02-08 15:13:43 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
> [2011-02-06 21:59:34 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\user\Dane aplikacji\BL6F8CG81F.txt
> 
> :Commands
> [emptytemp]
> 
> After running the script, remove in Device Manager the audio devices that this infection added; they are what causes the long boot.
> 
> Use SecurityCheck: screen317.spywareinfoforum.org/SecurityCheck.exe and check what you need to install updates for.
> Also use USBFix, Vaccinate option.
> 
> After all that, post a new OTL log.
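An added example, not part of Kolobos's post and not code from OTL itself: a small Python triage pass over OTL log lines of the kind quoted above. It groups the findings the post acts on: MountPoints2 autorun commands pointing at removable drives, orphaned entries ("File not found" / "No CLSID value found"), an autorun.inf on a data drive, and Firefox/IE search settings redirected to the Conduit/Ask services. The sample lines are constructed from the format shown in the post, and the category names are the example's own.

```python
import re

# Constructed sample: OTL log lines in the format quoted in the post above.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - No CLSID value found.
O32 - AutoRun File - [2009-08-30 15:03:33 | 000,000,089 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{a102bdff-522f-11df-8aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- [2008-04-14 21:51:50 | 000,028,672 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{ac1896a9-5222-11df-8154-6c50dc200042}\Shell\AutoRun\command - "" = H:\SEVEBOMBA/gasgas.exe
O34 - HKLM BootExecute: (autocheck) -  File not found
FF - prefs.js..keyword.URL: "search.conduit.com/ResultsExt.aspx?ctid=CT2776682&q="
"""
# MountPoints2\{guid}\Shell\<verb>\command: what Windows XP recorded from a removable disk's autorun.inf.
MOUNTPOINT = re.compile(
    r'^O33 - MountPoints2\\\{[0-9a-f-]+\}\\Shell\\(\w+)\\command - "" = (\S+)', re.I)
ORPHAN_MARKERS = ("File not found", "No CLSID value found")
HIJACK_DOMAINS = ("search.conduit.com", "ask.com")  # search services named in the post

def classify(line):
    """Return (category, detail) for one OTL line, or None. Category names are this example's own."""
    line = line.strip()
    m = MOUNTPOINT.match(line)
    if m:
        verb, target = m.group(1), m.group(2)
        # Autorun target on a non-system drive: the USB-worm pattern USBFix/Vaccinate addresses.
        if target[:2].upper() != "C:":
            return ("autorun-mountpoint", f"{verb} -> {target}")
        return None
    if line.startswith("O32 - AutoRun File"):
        return ("autorun-inf", line.split(" - ")[-1].split(" -- ")[0])
    if any(marker in line for marker in ORPHAN_MARKERS):
        # Orphaned Run/Toolbar/BootExecute entries left behind by a removed component.
        return ("orphan-entry", line.split(" - ", 1)[1])
    for domain in HIJACK_DOMAINS:
        if domain in line.lower():
            return ("search-hijack", domain)
    return None

def triage(log_text):
    """Group flagged lines by category; the OTL cleanup script is assembled from the result."""
    findings = {}
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            findings.setdefault(hit[0], []).append(hit[1])
    return findings

if __name__ == "__main__":
    for category, items in triage(SAMPLE_OTL).items():
        print(category, *items, sep="\n    ")
```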
