prośba o sprawdzenie loga z OTL

[mayday]

Wklejka #549458 | Wklej.org

 

wyskakują mi reklamy w IE choć go nie używam, co jest przyczyną? bardzo irytujące! pomocy

[Kolobos]

Przyczyna jest infekcja, jak zwykle.

 

Dlaczego nie dales extras.txt?

 

Zrob skan przy pomocy mbam oraz cureit.

 

Wszyscy chwala te platne antywirusy, a jak widac Nod nawet nie wykryl infekcji, nie mowiac o usunieciu.

 

Podlacz zainfekowane pendrivey (g: i f:, o ile jeszcze je masz + wszystkie, ktore podlaczales do komputera) i uzyj USBFix, opcja Deletion, wczesniej zmien nazwe katalogow x:\muza, x:\muzyka o ile masz takie na jakims dysku.

 

Odinstaluj:

Casino Toolbar

 

Wykonaj skrypt w OTL:

 

:OTL

PRC - [2011-06-15 11:54:45 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\Roxi i Daff\Ustawienia lokalne\Temp\Pfi.exe

PRC - [2011-06-15 11:54:40 | 000,239,104 | ---- | M] () -- C:\Documents and Settings\Roxi i Daff\Ustawienia lokalne\Temp\Pfh.exe

PRC - [2011-06-15 11:54:37 | 000,234,496 | ---- | M] () -- C:\WINDOWS\Pgihoa.exe

MOD - [2011-06-20 08:09:01 | 000,117,760 | RHS- | M] () -- C:\Documents and Settings\Roxi i Daff\Ustawienia lokalne\Temp\apiqq0.dll

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15780

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

[2011-02-11 14:14:24 | 000,000,000 | ---D | M] (Casino Toolbar) -- C:\Documents and Settings\Roxi i Daff\Dane aplikacji\Mozilla\Firefox\Profiles\2kmk26m6.default\extensions\{0f3a3a36-ddba-493e-b538-f9e52eeea9c3}

[2011-05-31 08:11:25 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\Roxi i Daff\Dane aplikacji\Mozilla\Firefox\Profiles\2kmk26m6.default\searchplugins\askcom.xml

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKCU..\Run: [api32] C:\Documents and Settings\Roxi i Daff\Ustawienia lokalne\Temp\apiqq.exe ()

O4 - HKCU..\Run: [W1WIWQ1NPG] C:\WINDOWS\Pgihoa.exe ()

O4 - HKCU..\Run: [YDZ1QVAGOJ] C:\Documents and Settings\Roxi i Daff\Ustawienia lokalne\Temp\Pfh.exe ()

O33 - MountPoints2\{06a55b4b-bfd1-11df-bdb8-0015f2b556e3}\Shell\AutoRun\command - "" = F:\lpl.exe

O33 - MountPoints2\{06a55b4b-bfd1-11df-bdb8-0015f2b556e3}\Shell\open\Command - "" = F:\lpl.exe

O33 - MountPoints2\{0ab8ec3d-6be6-11e0-be56-0015f2b556e3}\Shell\AutoRun\command - "" = Autorun.exe /run

O33 - MountPoints2\{0ab8ec3d-6be6-11e0-be56-0015f2b556e3}\Shell\Shell00\Command - "" = Autorun.exe /run

O33 - MountPoints2\{0ab8ec3d-6be6-11e0-be56-0015f2b556e3}\Shell\Shell01\Command - "" = Autorun.exe /action

O33 - MountPoints2\{0ab8ec3d-6be6-11e0-be56-0015f2b556e3}\Shell\Shell02\Command - "" = Autorun.exe /uninstall

O33 - MountPoints2\{3eadeffc-0c0b-11e0-be02-0015f2b556e3}\Shell\AutoRun\command - "" = F:\lpl.exe

O33 - MountPoints2\{3eadeffc-0c0b-11e0-be02-0015f2b556e3}\Shell\open\Command - "" = F:\lpl.exe

O33 - MountPoints2\{63fa8066-3397-11df-bd4e-0015f2b556e3}\Shell - "" = AutoRun

O33 - MountPoints2\{63fa8066-3397-11df-bd4e-0015f2b556e3}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe

O33 - MountPoints2\{65ec4aac-f2eb-11df-bde9-0015f2b556e3}\Shell\AutoRun\command - "" = F:\lpl.exe

O33 - MountPoints2\{65ec4aac-f2eb-11df-bde9-0015f2b556e3}\Shell\open\Command - "" = F:\lpl.exe

O33 - MountPoints2\{7a817398-9ee6-11df-bd98-000e2efde813}\Shell\AutoRun\command - "" = F:\lpl.exe

O33 - MountPoints2\{7a817398-9ee6-11df-bd98-000e2efde813}\Shell\open\Command - "" = F:\lpl.exe

O33 - MountPoints2\{c5163412-3cca-11df-bd65-0015f2b556e3}\Shell\AutoRun\command - "" = G:\lpl.exe

O33 - MountPoints2\{c5163412-3cca-11df-bd65-0015f2b556e3}\Shell\open\Command - "" = G:\lpl.exe

O33 - MountPoints2\{cd389b71-cd49-11df-bdc2-0015f2b556e3}\Shell\AutoRun\command - "" = F:\lpl.exe

O33 - MountPoints2\{cd389b71-cd49-11df-bdc2-0015f2b556e3}\Shell\open\Command - "" = F:\lpl.exe

O33 - MountPoints2\{d2b1d97e-5e83-11e0-be49-0015f2b556e3}\Shell\AutoRun\command - "" = F:\lpl.exe

O33 - MountPoints2\{d2b1d97e-5e83-11e0-be49-0015f2b556e3}\Shell\open\Command - "" = F:\lpl.exe

O33 - MountPoints2\{d4c3319c-d049-11df-bdc5-0015f2b556e3}\Shell\AutoRun\command - "" = F:\lpl.exe

O33 - MountPoints2\{d4c3319c-d049-11df-bdc5-0015f2b556e3}\Shell\open\Command - "" = F:\lpl.exe

O33 - MountPoints2\{ef1eea1c-dffc-11df-bdd5-0015f2b556e3}\Shell\AutoRun\command - "" = F:\lpl.exe

O33 - MountPoints2\{ef1eea1c-dffc-11df-bdd5-0015f2b556e3}\Shell\open\Command - "" = F:\lpl.exe

O33 - MountPoints2\{fea7460c-f21f-11df-bde8-0015f2b556e3}\Shell - "" = AutoRun

O33 - MountPoints2\{fea7460c-f21f-11df-bde8-0015f2b556e3}\Shell\AutoRun\command - "" = F:\iStudio.exe

O33 - MountPoints2\{fea7460d-f21f-11df-bde8-0015f2b556e3}\Shell\AutoRun\command - "" = G:\lpl.exe

O33 - MountPoints2\{fea7460d-f21f-11df-bde8-0015f2b556e3}\Shell\open\Command - "" = G:\lpl.exe

[2011-06-20 08:55:51 | 000,000,300 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

[2011-06-20 08:52:28 | 000,000,053 | RHS- | M] () -- C:\autorun.inf

[2011-06-20 08:45:09 | 000,000,300 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

[2011-06-20 08:43:23 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

[2011-06-20 08:08:53 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\tasks\Mhqcitu.job

[2011-06-15 11:55:26 | 000,106,496 | RHS- | M] () -- C:\WINDOWS\System32\ntlanuin.dll

[2011-06-15 11:54:37 | 000,234,496 | ---- | M] () -- C:\WINDOWS\Pgihoa.exe

 

:Commands

[emptytemp]

 

 

 

Zainstaluj aktualizacje do programow wskazanych przez: http://screen317.spywareinfoforum.org/SecurityCheck.exe

 

Po wykonaniu daj nowy log, tylko tym razem nie zmieniaj na 7dni. Ustaw za to lop i purity + wszyscy uzytkownicy.