Fałszywy anty-wirus

**Posty:** 1 · przez **Spontor** 03 Maj 2010, 15:56

Więc tak wczoraj załadował mi się fałszywy anty-wir który ciągle wyszukiwał wirusy i blokował wszystko co się dało(deskop secutiry system 2010) kazał mi kupić licencje żebym mógł usunąć te rzekome "wirusy". Zeskanowałem kompa wywaliłem ten syf i było git malina jednak dzisiaj wchodzę na kompa i na wejściu otwierają mi się 2 foldery Nero oraz Ustawienia lokalne czy coś takiego. oraz to

link jak by komuś nie czytało

Kod: Zaznacz wszystko: http://www.fotosik.pl/pokaz_obrazek/pelny/7bb631c8b02931db.html

to coś każe mi kupić na tej stronie "total codeck pack" i takie coś mi wyskakuje jak włączę np filmik na you-tube albo na przykład GTa wyskakuje windows missing codec
tylko z ikoną danej aplikacji. robiłem pełnego skana wywaliłem cały ten syf ale na nic nie zadziałało.
proszę o Pomoc.

OTL-http://www.wklej.org/id/327452/

RSIT-http://www.wklej.org/id/327454/

z GMER`a nie moge bo wyskakuje ciągle raport o błędach przy włączaniu

**Posty:** 1916 · przez **lamar** 03 Maj 2010, 17:48

Zastosuj się do zasad wstawiania logów :
- brak logów z OTL
- brak loga z Gmera

**Posty:** 18165 · przez **wojtas** 03 Maj 2010, 20:24

z Gmera nie udaje się bo aktywny plik:

DRV - [2010-05-03 09:15:28 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

poczytaj programy emulujące napędy

Log z OTL robiony w złych ustawieniach... popatrz w przyklejonym u Nas jak ma wyglądać:) z OTL dajemy 2 logi

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
PRC - [2010-05-02 18:38:50 | 000,154,112 | ---- | M] () -- C:\Documents and Settings\Kamild\Ustawienia lokalne\Temp\egxhpj.exe
SRV - File not found [Auto | Stopped] -- -- (tibiaownage)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66020
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Brothersoft Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Brothersoft Customized Web Search"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.113
FF - prefs.js..extensions.enabledItems: {e8de9422-3b2c-4243-bf6f-235da84d8ef8}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3.326.1
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.90
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&q="
FF - prefs.js..browser.startup.homepage: "http://www.daemon-search.com/startpage|www.google.pl"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Brothersoft Toolbar) - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
O4 - HKLM..\Run: [egxhpj] C:\Documents and Settings\Kamild\Ustawienia lokalne\Temp\egxhpj.exe ()
O4 - HKLM..\Run: [LiteDAEMONSetup44] C:\Documents and Settings\Kamild\Ustawienia lokalne\Temp\egxhpj.exe ()
O4 - HKCU..\Run: [mtg1qeusc6op] C:\Documents and Settings\Kamild\Ustawienia lokalne\Temp\m.22D8.tmp.exe ()
O4 - HKLM..\RunServices: [ActiveXSidebar1003] C:\Program Files\Thoosje Vista Sidebar\ThoosjeSidebar.exe ()
O4 - HKLM..\RunServices: [DAEMONLite] C:\Documents and Settings\Kamild\Ustawienia lokalne\Temp\egxhpj.exe ()
O4 - HKLM..\RunServices: [egxhpj] C:\Documents and Settings\Kamild\Ustawienia lokalne\Temp\egxhpj.exe ()
O4 - HKLM..\RunServices: [oqnt] c:\Documents and Settings\Kamild\Ustawienia lokalne\Temp\oqnt.exe ()
O18 - Protocol\Filter\video/x-flv {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - Reg Error: Key error. File not found
O33 - MountPoints2\{13dbe746-38bf-11de-8234-000fea57450d}\Shell\AutoPlay\comMand - "" = M:\qsmtc.pif -- File not found
O33 - MountPoints2\{13dbe746-38bf-11de-8234-000fea57450d}\Shell\AutoRun\command - "" = M:\qsmtc.pif -- File not found
O33 - MountPoints2\{13dbe746-38bf-11de-8234-000fea57450d}\Shell\exPloRe\cOMmanD - "" = M:\qsmtc.pif -- File not found
O33 - MountPoints2\{13dbe746-38bf-11de-8234-000fea57450d}\Shell\oPEn\Command - "" = M:\qsmtc.pif -- File not found
O33 - MountPoints2\{20e12ddb-d29b-11dd-80ba-000fea57450d}\Shell - "" = AutoRun
O33 - MountPoints2\{20e12ddb-d29b-11dd-80ba-000fea57450d}\Shell\1\Command - "" = M:\.\recycled\info.exe -- File not found
O33 - MountPoints2\{372e5a96-2207-11de-81bf-000fea57450d}\Shell - "" = AutoRun
O33 - MountPoints2\{372e5a96-2207-11de-81bf-000fea57450d}\Shell\1\Command - "" = L:\.\recycled\info.exe -- File not found
O33 - MountPoints2\{6449701f-0e5c-11df-84b7-000fea57450d}\Shell - "" = AutoRun
O33 - MountPoints2\{6449701f-0e5c-11df-84b7-000fea57450d}\Shell\1\Command - "" = M:\.\recycled\info.exe -- File not found
O33 - MountPoints2\{7dcb8576-8dca-11de-8342-000fea57450d}\Shell\AutoplAy\cOMMAnD - "" = M:\qtbs.pif -- File not found
O33 - MountPoints2\{7dcb8576-8dca-11de-8342-000fea57450d}\Shell\AutoRun\command - "" = M:\qtbs.pif -- File not found
O33 - MountPoints2\{7dcb8576-8dca-11de-8342-000fea57450d}\Shell\ExpLore\commaND - "" = M:\qtbs.pif -- File not found
O33 - MountPoints2\{7dcb8576-8dca-11de-8342-000fea57450d}\Shell\oPen\COMmAND - "" = M:\qtbs.pif -- File not found
O33 - MountPoints2\{8726e04c-f384-11dd-812e-000fea57450d}\Shell - "" = AutoRun
O33 - MountPoints2\{8726e04c-f384-11dd-812e-000fea57450d}\Shell\1\Command - "" = M:\.\recycled\info.exe -- File not found
O33 - MountPoints2\{8726e04d-f384-11dd-812e-000fea57450d}\Shell - "" = AutoRun
O33 - MountPoints2\{8726e04d-f384-11dd-812e-000fea57450d}\Shell\1\Command - "" = N:\.\recycled\info.exe -- File not found
O33 - MountPoints2\{9bda1c0d-6c85-11de-82fd-000fea57450d}\Shell - "" = AutoRun
O33 - MountPoints2\{9bda1c0d-6c85-11de-82fd-000fea57450d}\Shell\1\Command - "" = M:\.\recycled\info.exe -- File not found
O33 - MountPoints2\{aad0dfe8-8268-11de-8334-000fea57450d}\Shell - "" = AutoRun
O33 - MountPoints2\{b71d1dd8-4ee3-11de-8286-000fea57450d}\Shell - "" = AutoRun
O33 - MountPoints2\{b71d1dd8-4ee3-11de-8286-000fea57450d}\Shell\1\Command - "" = M:\.\recycled\info.exe -- File not found
O33 - MountPoints2\{ccdb3458-c3ea-11de-83cf-000fea57450d}\Shell - "" = AutoRun
O33 - MountPoints2\{ccdb3458-c3ea-11de-83cf-000fea57450d}\Shell\1\Command - "" = M:\.\recycled\info.exe -- File not found
@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A8ADE5D8

:Files
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\Program Files\Ask.com
C:\Program Files\DAEMON Tools Toolbar
C:\Documents and Settings\Kamild\Dane aplikacji\Mozilla\Firefox\Profiles\53bzeu0y.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}
C:\Documents and Settings\Kamild\Dane aplikacji\Mozilla\Firefox\Profiles\53bzeu0y.default\extensions\DTToolbar@toolbarnet.com
C:\Documents and Settings\Kamild\Dane aplikacji\Mozilla\Firefox\Profiles\53bzeu0y.default\searchplugins\askcom.xml
C:\Documents and Settings\Kamild\Dane aplikacji\Mozilla\Firefox\Profiles\53bzeu0y.default\searchplugins\conduit.xml
C:\Documents and Settings\Kamild\Dane aplikacji\Mozilla\Firefox\Profiles\53bzeu0y.default\searchplugins\daemon-search.xml
C:\Documents and Settings\Kamild\Dane aplikacji\Mozilla\Firefox\Profiles\53bzeu0y.default\searchplugins\mp3-finder.xml

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]

Kliknij w Run Fix. I potwierdź reset kompa .

Następnie uruchamiasz OTL z opcją Run Scan. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia komputera + log z Gmera